Perform the following procedure to create and attach to a Live Response sensor session.
Procedure
- On the navigation bar, click Sensors and then click the name of the endpoint.
- Click Go Live.
The Live Response page appears with a command window on the left and an information panel on the right. The command window prompt shows the name of the host and the current directory in which Live Response is active. The information panel includes the following:
-
Host Details
-
Alerts related to the host
-
Running Processes on the host
A status indicator (dot) and a message appear immediately above the command window. The dot has the following color code:-
Green – The sensor is connected and a session has been established. The host name is shown.
-
Orange – The Carbon Black EDR server is waiting for the sensor to check in, or no host is connected because no session is attached.
-
Gray – A session cannot be established with the sensor because the host is offline, the sensor is disabled, or the sensor is not a version that supports Live Response.
-
- To view a list of the available commands, click in the command window area and enter the
help
command. You can get information about a specific command by entering:help commandname
For a complete list of Live Response commands, see Live Response Endpoint Sessions.