Beginning with Carbon Black EDR server version 6.2.2 and macOS sensor version 6.2.0, a sensor diagnostics tool can collect diagnostic data packages from the endpoint and upload them to a cloud location for analysis, using the Carbon Black EDR server as an intermediary.
The collected data can help Carbon Black representatives troubleshoot crashes, performance problems, or other situations in which you believe there is an issue with a sensor. This feature as available on both on-premise and cloud servers. It is currently available only on the latest macOS sensor.
There are three different categories of data that can be uploaded using this feature:
- Crash data (automatic or manual): This option returns crash reports for Carbon Black user-mode Service and Sensor Diags. You can choose to package and upload crash data manually or set it for automatic packaging and upload when there is a crash.
- Diagnostics data (manual): This option returns information about the sensor. The data includes a sample of the Carbon Black user-mode Service, Carbon Black user-mode service statistics, cblog.log (installer log), any diag files for Carbon Black user-mode service, system log messages containing "Carbon Black" and all daemon log files. This can be useful for situations in which, while there has not been a crash, other behavior suggests a problem in sensor operations. This option must be run manually.
- Environment data (manual): This option returns a list of all open files, a list of all running processes and the amount of CPU they are using, and computer information including Power-On Self Test, Memory, System Software Version, Boot Device, Computer Name, User Name, and a list of all kernel extensions. This option must be run manually.
