Sensor Profiles & Configurations FAQ
How does the new endpoint profiles capability compare to deployment groups?
The new profiles capability brings the ability to manage sensor configurations for customers by exposing the most used configurations in the UI. Previously, endpoint configurations were not exposed in the deployment group capability and could only be managed by the Cyberhaven support team.
Configurations are reusable groups of settings that can be applied to one or more profiles and so shared between groups of devices. Profiles include the following settings:
Uninstall password: For deployments of the Windows sensor, an uninstall password can be set, which is then required to uninstall the sensor.
Targeting: The characteristics of devices intended to have this profile and its collected settings applied. Targeting is covered later in the FAQ.
Overrides: A JSON representation of configuration settings applied as preferential settings over the targeted configurations. This should only be applied with the assistance or recommendation of the Cyberhaven support team. Overrides are covered later in the FAQ.
Priority: Profile priority is used to decide which profile is applied in the case that one or more profiles are applicable based on the targeting applied. Priority is covered later in the FAQ.
A profile also allows for the selection of one of each of the following configuration types:
Performance: Settings related to sensor utilization and performance
Detection: Settings to enable or configure the detection settings of the sensors
Policy: Selecting the data protection policies applied to the group of devices targeted by the profile
Software: Software update settings for the group of devices
Profiles also support dynamic targeting from the platform, which allows specification of targeting in the platform prior to device deployment with no manual addition to profiles required. This will aid in the sensor deployment process as it should no longer be necessary to use separate software deployment packages, including deployment group specification in the packages, when deploying via platforms like Jamf or Intune.
What can I do if I need to troubleshoot an issue or make OS-specific settings?
Sensors support a large number of configurations to allow for troubleshooting or tuning, most of which are only expected to be utilised via the Cyberhaven support team in case of an issue.
To allow for troubleshooting or specific OS configurations, the profile capability provides for targeting endpoints based on their OS as reported by the system, which allows the creation of an OS-specific profile for testing configurations.
To allow for further troubleshooting and special configurations, profiles also support the setting of configuration Overrides. Overrides will be applied on top of any configuration settings that come from the shared configuration objects and allow for specific settings to be applied in case of troubleshooting.
Override settings should be applied with the assistance of the Cyberhaven support team. Cyberhaven will review the usage of overrides over time and use their usage to guide the inclusion of specific settings in the UI or tuning of the default settings.
How should I go about creating my own profiles and configurations?
Cyberhaven has provided a default profile and associated configurations that serve as a template for the creation of custom profiles and configurations. These defaults are read-only for users and are managed by Cyberhaven, but they can be duplicated by creating custom profiles and configurations that can be edited.
By setting specific targeting characteristics and a priority that is higher than the default (this is a requirement as the default profile will always be the lowest possible priority), the new custom profile and configurations will be applied.
For the purposes of validation, it is suggested to test new profiles and configuration settings by targeting a specific set of devices to validate that the configurations are delivering the required results before deploying to a wider group of devices.
How do I go about migrating from Deployment groups to Profiles?
New deployments of the Cyberhaven platform after the release of these new features (25.10.02) will come with this capability immediately deployed, and there will be no deployment group configurations that need to be migrated.
Customers whose platform was deployed prior to the 25.10.02 release and who want to use this feature will need to migrate endpoint configurations between deployment groups and the new profiles. This is a process that requires contact with the Cyberhaven support team and some prior work to establish the requirements of the existing deployment groups. To migrate to using profiles from endpoint configurations, please contact the Cyberhaven support team.
Upon enabling the new features, Cyberhaven will create special migrated profiles that duplicate the exact configurations previously applied to the deployment groups, along with the hard-coded list of devices that had been selected in each deployment group. These profiles are applied with a special targeting that means no possible overlap or configuration precedence can occur.
Initially, there will be no new configurations created automatically to replace the original deployment groups; this will require manual work to create new profiles and configurations to replace the existing ones. Going forward, there will be a migration capability that will create a profile that targets the existing set of devices in a deployment group. The platform will evaluate all of the applied configurations in the deployment groups and create the minimum required configurations to apply to all of the devices as well as apply any overrides to profiles to give the exact same configuration to all the devices in the new profiles as those that applied from the deployment groups.
To go through this process and migrate completely between deployment groups and profiles, contact the Cyberhaven support team.
How do overrides work?
Overrides are configuration settings that are applied to a profile preferentially over any of the configuration settings included in the applied configurations in the profile. Overrides provide the option to set OS specific settings for a particular value in the configuration, as well as general settings that are not exposed in the UI.
Overrides are provided in flattened JSON format in the overrides configuration section and should be provided by the Cyberhaven support team and only applied with their recommendation.
Over time, the usage of overrides will be evaluated by Cyberhaven and will guide the addition of configurations to the UI as well as the possible tuning of defaults based on usage.
What does profile priority do?
Profile priority is used to select the profile that will be applied to a device when more than one profile may be applicable based on dynamic targeting. When targeting overlaps, priority provides a deterministic way to know which profile is applied.
Profile priority is shown in the UI at this time as a number, 1 being the lowest possible and 1000 being the highest. The profile priority with the largest number is the one that will be selected when two profiles apply, e.g. if two profiles apply to a device, “Profile A” has priority 10 and “Profile B” has priority 20, then Profile B will be applied to devices where an overlap occurs. This priority creates a ranking of profiles in the UI; they are shown in the UI ordered by priority to ensure it is clear which is most likely to be applied.
What is the default for?
The default profile and configurations are added to give an example for users to use as a template for their own configurations. The settings included in the default profile are managed by Cyberhaven and can be updated as defaults are tuned or new settings are added. The default profile is the lowest possible profile priority, which means it will only be applied if there is no other matching profile. This means all sensors connected to the platform will receive a configuration, even if it is the default.
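The selection and override rules described above (the matching profile with the largest priority number wins, the default profile is the fallback, overrides are applied on top of the configuration settings), modelled as an added example that is not Cyberhaven's code. Profile names, targeting attributes, setting keys, the dotted-key reading of "flattened JSON" and the error raised on equal priorities are assumptions made for illustration.

```python
import json

# Constructed sample data; profile names, targeting attributes and setting
# keys are hypothetical, not Cyberhaven's real schema.
PROFILES = [
    {"name": "default", "priority": 1, "targeting": {},
     "config": {"performance.cpu_limit": 20, "software.auto_update": True},
     "overrides": "{}"},
    {"name": "windows-fleet", "priority": 10, "targeting": {"os": "windows"},
     "config": {"performance.cpu_limit": 15, "software.auto_update": True},
     "overrides": "{}"},
    {"name": "windows-pilot", "priority": 20,
     "targeting": {"os": "windows", "department": "it"},
     "config": {"performance.cpu_limit": 15, "software.auto_update": True},
     "overrides": '{"software.auto_update": false}'},
]


def matches(profile, device):
    """A profile applies when every targeting attribute equals the device's."""
    return all(device.get(k) == v for k, v in profile["targeting"].items())


def select_profile(profiles, device):
    """Return the applicable profile with the largest priority number."""
    candidates = [p for p in profiles if matches(p, device)]
    if not candidates:
        raise LookupError("no profile matched; a default should always match")
    top = max(p["priority"] for p in candidates)
    winners = [p for p in candidates if p["priority"] == top]
    if len(winners) > 1:  # the FAQ does not describe ties; treated as an error here
        raise ValueError("equal priority: " + ", ".join(p["name"] for p in winners))
    return winners[0]


def effective_settings(profile):
    """Configuration settings with the profile's overrides applied on top."""
    overrides = json.loads(profile["overrides"])
    if any(isinstance(v, (dict, list)) for v in overrides.values()):
        raise ValueError("overrides must be flat key/value pairs")
    return {**profile["config"], **overrides}


def resolve(profiles, device):
    """Name of the winning profile and the settings a device would receive."""
    profile = select_profile(profiles, device)
    return profile["name"], effective_settings(profile)
```

Running `resolve` over an inventory export before widening a profile's targeting shows which devices would change profile and which settings an override silently replaces.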
Do I need to configure my deployment group for installer packages?
No, this is no longer necessary in the same way it used to be for deployment groups. Dynamic targeting in the platform will match devices without them having to have been connected to the platform previously. This will make the creation of deployment packages easier, as there is no requirement to make multiple packages with the deployment group configuration included.