This page is an aggregate of all OER topics onto a single page for more convenient HTML viewing.
Supported Operating Systems for the Carbon Black Cloud Sensor
For a complete list of supported operating systems, see the following sensor OERs:
Supported Browsers for the Carbon Black Cloud Console
- Windows: Firefox, Chrome, and Edge
- macOS: Safari, Firefox, and Chrome
Linux 4.4+ Kernels for Linux Sensor 2.10+
Prior to installing the sensor, the underlying BPF implementation requires the Linux kernel headers for the active kernel to be installed.
See Linux Kernel Requirements for Linux Sensor Versions 2.10+ .
macOS User Space Functionality
Beginning in macOS 11, the Carbon Black Cloud macOS sensor (v3.5.1) operates by default in user-space via System Extensions (user-space) instead of Kernel Extensions (KEXTs) that are used in prior versions of the agent. Therefore, there are some functional differences when using the sensor in System Extension mode on macOS 11 and later.
Using the sensor in KEXT mode achieves the same functionality on macOS 11 as it does on older operating systems.
Unless otherwise specified, documentation related to macOS functionality on the Carbon Black Cloud pertains to macOS 10.15 and earlier or to functionality delivered via the KEXT on macOS 11.
The following matrix outlines macOS functionality on the Carbon Black Cloud. The functionality detailed in the macOS 11+ column pertains to the sensor’s functionality in user space (System Extension) in the initial macOS 11-compatible sensor release (v3.5.1+). For functionality provided via the kernel extension, refer to the macOS 10.12 - 11+ column.
| Functionality | macOS10.12 - 11 (KEXT) | macOS 11+(user-space) |
|---|---|---|
| Continuous Endpoint Telemetry Data Collection: | ||
|
X | X |
|
X | X |
|
X | X |
|
X | |
|
X | |
|
X | X |
| 30 Day Data Retention (longer if associated with an alert) | X | X |
| Regex and Wildcard Search/Alert Query Language Support | X | X |
| Custom/Customer-created Alert Criteria | X | X |
| Support for Industry-standard Threat Feeds (STIX/TAXII) | X | X |
Sensor Hardware Requirements
Endpoints must be in compliance with all hardware requirements for the host operating system.
Consider all processes that run on the endpoints when determining your hardware configuration. We recommend a multi-core CPU for all installations.
The following metrics represent system requirements against a minimum environment, which is defined in the context as a user level system (such as an inactive laptop).
Windows Sensor Hardware Requirements
| Metric | Enterprise EDR + Endpoint Standard | Enterprise EDR + Endpoint Standard + Audit & Remediation |
|---|---|---|
| CPU | Minimum: 1.8 GHz Recommended: 2 GHz | Minimum: 1.8 GHz Recommended: 2 GHz |
| Memory | 1 GB2 GB for Windows 10/2016+ | 1 GB2 GB for Windows 10/2016+ |
| Cores | 2 | 2 |
| Network required | Minimum: 100 Mbit Recommended: 1 Gbit | Minimum: 100 Mbit Recommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | Minimum: 100 MB Recommended: 500 MB | Minimum: 100 MB Recommended: 500 MB |
macOS Sensor Hardware Requirements
| Metric | Enterprise EDR | Enterprise EDR + Audit & Remediation | Endpoint Standard + Enterprise EDR | Endpoint Standard + Enterprise EDR + Audit & Remediation |
|---|---|---|---|---|
| CPU | Any supported x86-64 or arm64* | Any supported x86-64 or arm64* | Any supported x86-64 or arm64* | Any supported x86-64 or arm64* |
| Memory | 2 GB | 2 GB | 2 GB | 2 GB |
| Cores | 2 | 2 | 2 | 2 |
| Network required | Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | Minimum: 100 MB Recommended: 500 MB |
Minimum: 100 MB Recommended: 500 MB |
Minimum: 200 MB Recommended: 1 GB |
Minimum: 200 MB Recommended: 1 GB |
*arm64 CPU requires macOS sensor 3.6 or higher.
Linux Sensor Hardware Requirements
| Metric | Enterprise EDR | Enterprise EDR + Endpoint Standard | Enterprise EDR + Endpoint Standard + Audit & Remediation |
|---|---|---|---|
| CPU | Any 64-bit x86-64 chipset No speed required |
Any 64-bit x86-64 chipset No speed required |
Any 64-bit x86-64 chipset No speed required |
| Memory | 100 MB | 250 MB | 250 MB |
| Cores | 2 | 2 | 2 |
| Network Required | Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
Minimum: 100 Mbit Recommended: 1 Gbit |
| Minimum network during light usage | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each | 1k bytes/sec read/writes each |
| Free disk space | /opt: 100 MB /var: 1600 MB |
/opt: 100 MB /var: 2600 MB |
/opt: 100 MB /var: 3200 MB |
