Issue
I have been tasked with collecting some information from the endpoints in our environment. This would be information such as listing the local administrators that are on each endpoint, if an endpoint has a dynamically assigned IP versus static IP, determining if certain applications are installed, etc. I was wondering if Red Canary or the VMware Carbon Black Cloud sensor itself can be leveraged to accomplish such tasks.
Environment
VMware Carbon Black Cloud; Audit and Remediation
Resolution
If your organization is licensed for the Audit and Remediation product, then such tasks certain administrative tasks can be accomplished. Audit and Remediation is a component of the VMware Carbon Black Cloud platform that allows users to query any endpoint in their environment that has a sensor installed via LiveQuery.
Please find links below on how to get started using this product:
Getting Started with Audit and Remediation
Audit and Remediation: What Can I Query? (Windows & Mac)
Audit and Remediation: What Can I Query? (Linux)
Audit and Remediation Best Practices Guide
It is important to note that in addition to having this product licensed in your VMware Carbon Black Cloud console, that Live Query access is dependent on user role authorization. Please check with your administrator to ensure that you have the proper permissions in order to use Live Query.
Comments
0 comments
Please sign in to leave a comment.