You can backup and restore files to rebuild an underlying OS image or to move Carbon Black EDR to a new machine.

The container is easy to download because it is immutable. Backing up and restoring the container data directory allows containerized Carbon Black EDR to operate on the new instance.

Container Data Directory

Containerized Carbon Black EDR creates a data directory starting from the file location where the edr-docker script is initially executed. Subdirectories contain all Carbon Black EDR-specific mutable files.

  • The data/config folder contains all configuration files that previously existed in /etc/cb/.
  • The data/data folder contains all of the system data that previously existed in /var/cb/.
  • The data/logs folder contains service logs that previously existed in /var/log/cb.
  • The data/sensors folder contains sensor installers that previously existed in /usr/share/cb/coreservices/installers.