Carbon Black Cloud Endpoint Standard

Version: Carbon Black Cloud Endpoint Standard

Carbon Black Cloud Endpoint Standard (formerly called CB Defense) is a Next-Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) solution that protects against the full spectrum of modern cyber-attacks. Next-Generation Antivirus (NGAV) uses machine learning and behavioral models to analyze endpoint activity and uncover malicious behavior to stop all types of attacks before they reach critical systems.

Netsurion's Open XDR platform integrates Carbon Black Cloud Endpoint Standard logging through the REST API and provides reports, knowledge objects, and dashboards for all generated events, including attacks, network connections, registry access, file auditing, etc.

Once CB Defense is configured to deliver events to the Netsurion Manager, knowledge objects, dashboards, and reports can be configured in Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type | Name | Description
Security | CB Defense - Threat detected | This alert is triggered when EventTracker receives CB Defense events flagged as INJECT_CODE or as the source of malicious behavior.
Compliance | CB Defense - Policy action enforced | This alert is triggered when EventTracker receives CB Defense events flagged as POLICY_ACTION, i.e., a user performed a policy activity such as creating, deleting, or modifying a policy.

Reports

Type | Name | Description
Security | CB Defense - Threat detection | This report provides information about detected threats, including device timestamp, device name, device OS, OS version, device installed by, process command line, process name, process reputation, SHA256, and MITRE TTP (if applicable).
Operations | CB Defense - Network activity | This report provides information about network traffic, including device timestamp, remote IP address, remote port number, peer geo location, process name, process reputation, and MITRE TTP (if applicable).
Compliance | CB Defense - Application access | This report provides information about applications accessed by users, including device timestamp, child process name, child process reputation, parent process name, parent process reputation, process name, process reputation, and MITRE TTP (if applicable).
Compliance | CB Defense - File and Registry access | This report provides information about file and registry changes made by users, including device timestamp, file name, file hash, file path, process name, process reputation, and MITRE TTP (if applicable).
Compliance | CB Defense - Data access | This report provides information about data accessed by users, including device timestamp, device name, device OS, OS version, process name, process reputation, and MITRE TTP (if applicable).
Compliance | CB Defense - Policy action | This report provides information about policies changed by users, including device timestamp, device policy, enrichment status, SHA256, process name, process reputation, and MITRE TTP (if applicable).

Documentation

The configuration details are consistent with Netsurion version 9.x and later, and Carbon Black Cloud Endpoint Standard.

Download the Integration Guide and the How-to Guide for more information and configuration instructions.