This page is an aggregate of all OER topics onto a single page for more convenient HTML viewing.
Supported Operating Systems for the Carbon Black Cloud Sensor
For a complete list of supported operating systems, see the following sensor OERs:
Supported Browsers for the Carbon Black Cloud Workload Console
- Windows: Firefox, Chrome, and Edge
- macOS: Safari, Firefox, and Chrome
macOS User Space Functionality
Therefore, there are some functional differences when using the sensor in System Extension mode on macOS 11 and later.
Using the sensor in KEXT mode achieves the same functionality on macOS 11 as it does on older operating systems.
Unless otherwise specified, documentation related to macOS functionality on the Carbon Black Cloud pertains to macOS 10.15 and earlier or to functionality delivered via the KEXT on macOS 11.
The following matrix outlines macOS functionality on the Carbon Black Cloud. The functionality detailed in the macOS 11+ column pertains to the sensor’s functionality in user space (System Extension) in the initial macOS 11-compatible sensor release (v3.5.1+). For functionality provided via the kernel extension, refer to the macOS 10.12 - 11+ column.
| Functionality | macOS10.12 - 11 (KEXT) | macOS 11+(user-space) |
|---|---|---|
| Audit & Remediation (enterprise-class Osquery) | X | X |
| Open APIs to Query All Endpoint Data | X | X |
| Open APIs to Invoke All Remediation Functions | X | X |
Live Query Support
Live Query is Supported on:
- Windows Clients running Windows 7+, 64-bit devices only
- Windows Servers running Windows 2008 R2+, 64-bit devices only
- macOS 10.10+
- macOS Catalina
- Red Hat 6+
- Red Hat 7
- CentOS 7
- Ubuntu 16.04+
- SUSE 12+
- OpenSUSE 15 & 42
- Amazon Linux 2
Additional Live Query Support Information:
- For Windows & macOS, an upgrade to the 3.3 sensor (or later) is required
- Sensor version 3.4.0.820+ is required if using a proxy for endpoints
- For Linux, an upgrade to the 2.3 sensor (or later) is required
- Users with "Use Live Query" privileges enabled in their role can run queries and view results
- Users with "View Live Query" privileges enabled in their role can only view results
- Live Query is powered by Osquery an open source project written in SQL
Carbon Black Cloud on AWS GovCloud (US) Support
This section is specific only to Carbon Black Cloud on AWS GovCloud (US) customers.
Live Query is Supported on:
Live Query on VMware Carbon Black Cloud on AWS GovCloud (US) is only supported on Windows 10, 64-bit devices only.
The Carbon Black Cloud sensor relies on an open source third-party osquery tool (https://osquery.io/) to perform Live Queries. Osquery uses a non-FIPS 140-2 validated version of openssl for some cryptographic functions that are performed as part of satisfying those queries. Therefore, if FIPS 140-2 compliance is a requirement, be aware that Live Queries may perform TLS handshakes as part of the query such as ones that hit the “curl” table, or may gather cryptographic file hashes using the non-FIPS verified version of openssl. Until this is resolved, please be mindful of this limitation.
Additional Live Query Support Information:
- For Windows, an upgrade to the 3.3 sensor (or later) is required
- Sensor version 3.4.0.820+ is required if using a proxy for endpoints
- Users with "Use Live Query" privileges enabled in their role can run queries and view results
- Users with "View Live Query" privileges enabled in their role can only view results
- Live Query is powered by Osquery an open source project written in SQL
- All OSs must be currently running the 4.1.2 Osquery build version
Sensor Hardware Requirements
Endpoints must be in compliance with all hardware requirements for the host operating system.
Consider all processes that run on the endpoints when determining your hardware configuration. We recommend a multi-core CPU for all installations.
The following metrics represent system requirements against a minimum environment, which is defined in the context as a user level system (such as an inactive laptop).
Windows Sensor Hardware Requirements
| Metric | Endpoint Standard + Audit & Remediation | Endpoint Standard + Enterprise EDR + Audit & Remediation |
|---|---|---|
| CPU | Minimum: 1.8 GHzRecommended: 2 GHz32-bit is not supported | Minimum: 1.8 GHzRecommended: 2 GHz32-bit is not supported |
| Memory | 1 GB2 GB for Windows 10/2016+ | 1 GB2 GB for Windows 10/2016+ |
| Cores | 2 | 2 |
| Network required | Minimum: 100 MbitRecommended: 1 Gbit | Minimum: 100 MbitRecommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | Minimum: 100 MBRecommended: 500 MB | Minimum: 100 MBRecommended: 500MB |
Linux Sensor Hardware Requirements
| Metric | Audit & Remediation | Enterprise EDR + Audit & Remediation |
|---|---|---|
| CPU | Any 64-bit x86-64 chipset No speed required 32-bit is not supported |
Any 64-bit x86-64 chipset No speed required 32-bit is not supported |
| Memory | 10 MB | 110 MB |
| Cores | 1 | 2 |
| Network Required | Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | /opt: 100 MB /var: 900 MB |
/opt: 100 MB /var: 2200 MB |
macOS Sensor Hardware Requirements
| Metric | Audit & Remediation | Endpoint Standard + Audit & Remediation | Enterprise EDR + Audit & Remediation | Endpoint Standard + Enterprise EDR + Audit & Remediation |
|---|---|---|---|---|
| CPU | Any supported x86-64 or arm64* 32-bit is not supported |
Any supported x86-64 or arm64* | Any supported x86-64 or arm64* | Any supported x86-64 or arm64* |
| Memory | 1 GB | 2 GB | 2 GB | 2 GB |
| Cores | 1 | 2 | 2 | 2 |
| Network required | Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each
|
1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | Minimum: 100 MB Recommended: 500 MB |
Minimum: 100 MB Recommended: 500 MB |
Minimum: 100 MB Recommended: 500 MB |
Minimum: 200 MB Recommended: 1 GB |
*arm64 CPU requires macOS sensor 3.6 or higher.
