NDR Sensor CLI

Associated Commands:

CLI Description	Command
Copy core dumps to remote file destination Copy system generated core dumps to a remote destination.	copy core-dump <core-dump-file-arg> url <scp-file-url-arg>
Delete core dump files in the system Delete core dump files in the system.	del core-dump [all\|<core-dump-file-arg>]
Get core dump config Get core dump generation and rotation configurations	get core-dump config
List core dump files in the system Display information about the core dump files in the system.	get core-dumps
List docker containers in the system List all the docker containers in the system (equivalent of 'docker ps -a').	get docker-containers
List docker images in the system List docker images in the system (equivalent of 'docker images').	get docker-images
Show log file contents Display the contents of the specified log file.	get log-file <log-file-arg>
Show log file contents Display the last 10 lines of the specified log file and all new messages that are written to the log file.	get log-file <log-file-arg> follow
Display system processes Display a snapshot of the system processes.	get processes
Display process monitor Display information about processes that are running. The display is updated every few seconds.	get processes monitor
Get the Rapid service logging level Get the log level of the Rapid service. This service is responsible for analyzing files for malware threats	get service rapid logging-level
Get the sensor-container-orchestration service logging level Get the log level of the sensor-container-orchestration service. This service is the central logic that manages the lifecycle of all the other containerized application services, making sure the sensor is always running the right components based on its current configuration and status.	get service sensor-container-orchestration logging-level
Get the sensor-health service logging level Get the log level of the sensor-health service. This service detects the health of each of the core services.	get service sensor-health logging-level
Get the sensor-service service logging level Get the log level of the sensor-service service. Sensor client service is responsible for communicating with Security Services Platform (SSP) and managing configuration of the sensor.	get service sensor-service logging-level
Get the sensor-uploading service component logging level. Get the logging level of a component within sensor-uploading service. This service is responsible for processing and sending all critical security events (like IDS alerts, malware analysis results, and network flows) to the Security Services Platform (SSP).	get service sensor-uploading [[component <component>] logging-level]
Get the sensor-uploading service logging level Get the log level of the sensor-uploading service. This service is responsible for processing and sending all critical security events (like IDS alerts, malware analysis results, and network flows) to the Security Services Platform (SSP).	get service sensor-uploading logging-level
Get the sniffing service logging level. Get the log level of the sniffing service. Sniffing service is responsible for capturing network traffic.	get service sniffing [[component <component>] logging-level]
Get the sniffing service component logging level. Get the logging level of a component within sniffing service. Sniffing service is responsible for capturing network traffic.	get service sniffing [[component <component>] logging-level]
Save support bundle in filestore Display the contents of the tech support bundle. Specify the `file` argument to save the bundle to a file with the specified file name in the file store. This support bundle does not contain core or audit log files. To include those files, specify the `all` argument. Core files contain system information and all information stored in memory at the time of the dump (this may include confidential, sensitive or personal information such as passwords and encryption keys, if they are being processed in memory at that time). If you choose to send the support bundle to VMware, it will be processed in accordance with VMware's standard processes and policies, to provide you with support, fix problems and improve the product and services.	get support-bundle [file <filename> [log-age <no-of-days>] [all]]
Display progress status of last upgrade step Display the status of the upgrade steps run on the node and details of last upgrade step.	get upgrade progress-status
Display playbook contents Display the contents of the specified playbook for the specified upgrade bundle.	get upgrade-bundle <bundle-name-arg> playbook <playbook-file-arg>
List all playbooks in the filestore Display all playbooks in the file store.	get upgrade-bundle playbooks
Execute playbook resume action Resume an upgrade after running the command `start upgrade-bundle <bundle-name> playbook <playbook-file>` and the system was rebooted.	resume upgrade-bundle <bundle-name-arg> playbook
Set core dump file limit global config Global limit for count to preserve latest core dump files generated for all processes or applications. By default latest 2 core dump files will be preserved. To disable this config, set value to 0. Note, disabling config may consume higher disk space and can cause disk space exhaustion.	set core-dump global file-limit <core-dump-limit>
Set core dump frequency threshold global config Global limit for setting threshold in seconds for frequency of generated core dump files for all processes or applications. Any application generating core dump within threshold seconds will be ignored and new core dump request will only be in effect after the threshold period has expired. By default processes generating core dump within threshold frequency of 600 seconds will be denied. To disable this config, set value to 0. Note, disabling config may consume higher disk space and can cause disk space exhaustion.	set core-dump global frequency-threshold <core-dump-threshold-freq>
Set Core dump limit config per application Limit for count to preserve latest core dump files generated per process or application. To disable this config, set value to 0. Note, disabling config may consume higher disk space and can cause disk space exhaustion.	set core-dump process <process-name> file-limit <core-dump-limit>
Set the Rapid service logging level Set the log level of the Rapid service. This service is responsible for analyzing files for malware threats	set service rapid logging-level <sensor-type-2-logging-level-arg>
Set the sensor-container-orchestration service logging level Set the log level of the sensor-container-orchestration service. This service is the central logic that manages the lifecycle of all the other containerized application services, making sure the sensor is always running the right components based on its current configuration and status.	set service sensor-container-orchestration logging-level <sensor-type-2-logging-level-arg>
Set the sensor-health service logging level Set the log level of the sensor-health service. This service detects the health of each of the core services.	set service sensor-health logging-level <sensor-type-2-logging-level-arg>
Set the sensor-service service logging level Set the log level of the sensor-service service. Sensor client service is responsible for communicating with Security Services Platform (SSP) and managing configuration of the sensor.	set service sensor-service logging-level <sensor-type-1-logging-level-arg>
Set the sensor-uploading service component logging level. Set the logging level for a specific component within sensor-uploading service. This service is responsible for processing and sending all critical security events (like IDS alerts, malware analysis results, and network flows) to the Security Services Platform (SSP).	set service sensor-uploading [component <component>] logging-level <level>
Set the sensor-uploading service logging level Set the log level of the sensor-uploading service. This service is responsible for processing and sending all critical security events (like IDS alerts, malware analysis results, and network flows) to the Security Services Platform (SSP).	set service sensor-uploading logging-level <sensor-type-2-logging-level-arg>
Set the sniffing service component logging level. Set the logging level for a specific component within sniffing service. Sniffing service is responsible for capturing network traffic.	set service sniffing [component <component>] logging-level <level>
Set the sniffing service logging level. Set the log level of the sniffing service. Sniffing service is responsible for capturing network traffic.	set service sniffing [component <component>] logging-level <level>
Execute a playbook given a valid playbook file Start an upgrade with the specified upgrade bundle and according to the specified playbook.	start upgrade-bundle <bundle-name-arg> playbook <playbook-file-arg>
Verify and extract bundle to default location Verify and extract the specified upgrade bundle to the default location.	verify upgrade-bundle <bundle-name-arg>