The primary configuration file for the Carbon Black EDR server is /etc/cb/cb.conf. The first time you install the Carbon Black EDR server, running
cbinit creates the cb.conf file from a template that includes the standard parameters and default settings.
In a many environments, there is no need to modify cb.conf directly — many configuration options are either set during installation or through the Carbon Black EDR console. Configuration options described in this document, however, can be useful for troubleshooting issues with the server, customizing the configuration for local integration, or making other customizations and for enabling features such as Live Response.
Some advanced settings in the console can be additionally limited for use via a corresponding cb.conf setting. For these settings, if there is no value in cb.conf , the console interface controls behavior. If there is a value in cb.conf , that value is fixed and cannot be altered through the console interface. This lets you control whether console users can modify these settings. Among the settings are:
CbLREnabled– controls whether Live Response is available.
ShowGDPR Banner– controls displays of a banner to indicate an EU instance.
CbServerCertWarnBeforeExpirationDays– determines whether and how far in advance a warning appears when a server communication certificate is expiring.
CbServerSSLCertStrictCheck– determines whether a strict certificate check is required for server-sensor communication certificates: a setting that, if set incorrectly for your environment, can prevent sensor check-in.
ForceBlockCoreJoinsInSearchTo– determines whether to allow certain process searches that have high performance impact
In some cases you change the value of a setting that is already in the cb.conf file. In others, you must add both the setting and its value because they are not in the cb.conf file that is created during server initialization.