You can run the Carbon Black Containerized Sensor on a host that has the Docker client to detect and enforce EDR and Container Scanning capabilities. Additionally, the Containerized Sensor can detect vulnerabilities, malware, and secrets in the runtime in a Docker container.
Prerequisites
You must have the following products and information:
- Linux Host with docker installed
- Carbon Black Cloud Container
- Carbon Black EDR
- API key with appropriate permissions
- See:
Procedure
- Add the environment variables you received from the setup wizard you ran in Set up a Containerized Sensor to the docker-compose.yaml file.
version: "3.3"
services:
sensor:
pid:host
network_mode: host
image: docker.io/cbartifactory/cb-containers-sensor:{sensor-version}
privileged: true
environment:
# fill environment variables here
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /boot:/boot
- /var/opt/carbonblack:/var/opt/carbonblack
- /etc/os-release:/etc/os-release
- /:/var/opt/root
- /etc/hostname:/etc/hostname
- Deploy the agent container by running the following command: