Carbon Black(Cb) Protection

Version: Cb Protection Application Control for Servers & Critical Systems

Carbon Black Protection (Cb Protection), formerly Bit9, is an application control product that allows departments to monitor and control application execution on systems. The best aspect of Cb Protection is its ability to hash out and quickly locate executables on all workstations and servers.

Netsurion's Open XDR platform integrates Cb Protection logging through REST API and provides reports, knowledge objects and dashboards for all generated events. This helps tremendously searching for and weeding out known-bad and suspected-bad files from the network.

Netsurion Data Source Integration for Cb Protection allows you to monitor the following components:-

  • Security - All events generated on Cb Protection related to alerts, application certificates, file approvals etc.
  • Compliance - Keeping track of sensor updates, unapproved files and certificate usage.
  • Operation - Summary of application executions and user activity across the network.

Once Cb Protection is configured to deliver events to Netsurion Manager; knowledge objects and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Reports

Type Name Description
Security Cb Protection - Alert details This report provides details regarding alerts triggered by Cb Protection related to unauthorized file executions.
Security Cb Protection - Event details This report provides details regarding events generated by Cb Protection related to configuration changes and device discovery.
Security Cb Protection - Policy details This report keeps track of file execution policies applied across various devices in the network. Changes in these policies are also tracked.
Security Cb Protection - Script rule details This report keeps track of script execution policies applied across various devices in the network. Changes in these policies are also tracked.
Operations Cb Protection - Internal event details This report provides details regarding system and error events generated by Cb Protection.
Operations Cb Protection - Server settings details This report keeps track of configuration changes on Cb Protection. Both old and new values in changed settings are tracked in the report.
Operations Cb Protection - User details This report keeps track of all users registered on Cb Protection. Report lists all user details with their registration date, activation date and associated groups.
Compliance Cb Protection - Application details This report provides details regarding various installed applications across the network. Reports are populated with application's installation and version details.
Compliance Cb Protection - Certificate details This report provides details regarding various application certificates being used in the network. Reports are populated with certificate vendor, validity and usage details.
Compliance Cb Protection - File catalog details This report keeps track of all files cataloged by Cb Protection. This catalog includes file name with details about its creator application, MD5 hash, approval status, threat score and file path.

Documentation

The configuration details in this guide are consistent with Netsurion version 8.x and later, Cb Protection Application Control for Servers & Critical Systems.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept