You can run the Carbon Black Containerized Sensor on a host that has the Docker client to detect and enforce EDR and Container Scanning capabilities. Additionally, the Containerized Sensor can detect vulnerabilities, malware, and secrets in the runtime in a Docker container.

Prerequisites

You must have the following products and information:

Procedure

  1. Add the environment variables you received from the setup wizard you ran in Set up a Containerized Sensor to the docker-compose.yaml file.
    version: "3.3"
    services:
      sensor:
        pid:host
        network_mode: host
        image: docker.io/cbartifactory/cb-containers-sensor:{sensor-version} 
        privileged: true
        environment:
          # fill environment variables here
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - /boot:/boot
          - /var/opt/carbonblack:/var/opt/carbonblack
          - /etc/os-release:/etc/os-release
          - /:/var/opt/root
          - /etc/hostname:/etc/hostname
    
  2. Deploy the agent container by running the following command:
    docker-compose up -d