Carbon Black(Cb) Protection
Version: Cb Protection Application Control for Servers & Critical Systems
Carbon Black Protection (Cb Protection), formerly Bit9, is an application control product that allows departments to monitor and control application execution on systems. The best aspect of Cb Protection is its ability to hash out and quickly locate executables on all workstations and servers.
Netsurion Open XDR integrates Cb Protection logging through REST API and provides reports, knowledge objects and dashboards for all generated events. This helps tremendously searching for and weeding out known-bad and suspected-bad files from the network.
Netsurion Data Source Integration for Cb Protection allows you to monitor the following components:-
- Security – All events generated on Cb Protection related to alerts, application certificates, file approvals etc.
- Compliance – Keeping track of sensor updates, unapproved files and certificate usage.
- Operation – Summary of application executions and user activity across the network.
Once Cb Protection is configured to deliver events to Netsurion Open XDR Manager; knowledge objects and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
|Security||Cb Protection – Alert details||This report provides details regarding alerts triggered by Cb Protection related to unauthorized file executions.|
|Security||Cb Protection – Event details||This report provides details regarding events generated by Cb Protection related to configuration changes and device discovery.|
|Security||Cb Protection – Policy details||This report keeps track of file execution policies applied across various devices in the network. Changes in these policies are also tracked.|
|Security||Cb Protection – Script rule details||This report keeps track of script execution policies applied across various devices in the network. Changes in these policies are also tracked.|
|Operations||Cb Protection – Internal event details||This report provides details regarding system and error events generated by Cb Protection.|
|Operations||Cb Protection – Server settings details||This report keeps track of configuration changes on Cb Protection. Both old and new values in changed settings are tracked in the report.|
|Operations||Cb Protection – User details||This report keeps track of all users registered on Cb Protection. Report lists all user details with their registration date, activation date and associated groups.|
|Compliance||Cb Protection – Application details||This report provides details regarding various installed applications across the network. Reports are populated with application’s installation and version details.|
|Compliance||Cb Protection – Certificate details||This report provides details regarding various application certificates being used in the network. Reports are populated with certificate vendor, validity and usage details.|
|Compliance||Cb Protection – File catalog details||This report keeps track of all files cataloged by Cb Protection. This catalog includes file name with details about its creator application, MD5 hash, approval status, threat score and file path.|
The configuration details in this guide are consistent with Netsurion Open XDR 8.x and later, Cb Protection Application Control for Servers & Critical Systems.