Carbon Black (Cb) Protection

Version: Cb Protection Application Control for Servers & Critical Systems

Carbon Black Protection (Cb Protection), formerly Bit9, is an application control product that allows departments to monitor and control application execution on systems. The best aspect of Cb Protection is its ability to hash executables and quickly locate them on all workstations and servers.

Netsurion Open XDR integrates Cb Protection logging through the REST API and provides reports, knowledge objects and dashboards for all generated events. This helps tremendously in searching for and weeding out known-bad and suspected-bad files from the network.

Netsurion Data Source Integration for Cb Protection allows you to monitor the following components:

  • Security – All events generated on Cb Protection related to alerts, application certificates, file approvals etc.
  • Compliance – Keeping track of sensor updates, unapproved files and certificate usage.
  • Operation – Summary of application executions and user activity across the network.

Once Cb Protection is configured to deliver events to Netsurion Open XDR Manager, knowledge objects and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Reports

| Type | Name | Description |
|---|---|---|
| Security | Cb Protection – Alert details | This report provides details regarding alerts triggered by Cb Protection related to unauthorized file executions. |
| Security | Cb Protection – Event details | This report provides details regarding events generated by Cb Protection related to configuration changes and device discovery. |
| Security | Cb Protection – Policy details | This report keeps track of file execution policies applied across various devices in the network. Changes in these policies are also tracked. |
| Security | Cb Protection – Script rule details | This report keeps track of script execution policies applied across various devices in the network. Changes in these policies are also tracked. |
| Operations | Cb Protection – Internal event details | This report provides details regarding system and error events generated by Cb Protection. |
| Operations | Cb Protection – Server settings details | This report keeps track of configuration changes on Cb Protection. Both old and new values in changed settings are tracked in the report. |
| Operations | Cb Protection – User details | This report keeps track of all users registered on Cb Protection. Report lists all user details with their registration date, activation date and associated groups. |
| Compliance | Cb Protection – Application details | This report provides details regarding various installed applications across the network. Reports are populated with application’s installation and version details. |
| Compliance | Cb Protection – Certificate details | This report provides details regarding various application certificates being used in the network. Reports are populated with certificate vendor, validity and usage details. |
| Compliance | Cb Protection – File catalog details | This report keeps track of all files cataloged by Cb Protection. This catalog includes file name with details about its creator application, MD5 hash, approval status, threat score and file path. |

Documentation

The configuration details in this guide are consistent with Netsurion Open XDR 8.x and later, and with Cb Protection Application Control for Servers & Critical Systems.

Download the Integration Guide and How-to Guide for configuration instructions and more information.