VMware Carbon Black EDR 1.5.1
- Updated on 03 Apr 2025
tags: python | EDR | bit9
Description
Integration with VMware Carbon Black EDR supports CDC users by providing enrichment consisting of details of individual IDs and details of hosts connected to Carbon Black. This enables CDC users to make informed decisions regarding incident response.
Carbon Black collects and visualizes comprehensive information about endpoint events, giving security professionals unparalleled visibility into IT environments.
CyberProof uses generic adaptive cards to display host-related information in a meaningful, intuitive GUI, making it easy to understand host data and the status of hosts on Carbon Black.
We provide CLI commands to cater to two primary use cases. The first is to enrich specific host information available on Carbon Black, and the second is to isolate and un-isolate specific hosts from the network. The integration currently has the ability to isolate an asset from the network.
| Integration Type: | EPP/EDR |
| Information Enriched: | Host information and Device ID for a specific host. |
| API Supported: | API V6 |
| Input: | Device host name to enrich the host; Device ID to isolate and un-isolate the individual host. |
| Output: | Detailed enrichment consisting of host information; individual host isolated/un-isolated from the network, with confirmation of the action. |
CDC Command Lines
No CDC command lines
Workflows
automatic_close_alert
Carbon Black automatic close alert.
inject_alert_to_cdc
Injects an alert to the CDC if an alert is not present.
Rules
carbon_black_close_alert
Close alert on Carbon Black.
inject_carbon_black_alert
Triggers injecting a new alert to the CDC workflow when a sensor dispatches a new alert to the CDC.
Sensors
- CarbonBlackSensor
Sensor to pull alerts from Carbon Black.
Poll interval - 30s
Triggers
No triggers
Known Issues
No issues