Carbon Black(Cb) Protection

Applies To: Cb Protection Application Control for Servers & Critical Systems

Overview

Carbon Black Protection (Cb Protection), formerly Bit9, is an application control product that allows departments to monitor and control application execution on systems. The best aspect of Cb Protection is its ability to hash out and quickly locate executables on all workstations and servers.

EventTracker integrates Cb Protection logging through REST API and provides reports, knowledge objects and dashboards for all generated events. This helps tremendously searching for and weeding out known-bad and suspected-bad files from the network.

EventTracker Knowledge Pack for Cb Protection allows you to monitor the following components:-

• Security - All events generated on Cb Protection related to alerts, application certificates, file approvals etc.
• Compliance - Keeping track of sensor updates, unapproved files and certificate usage.
• Operation - Summary of application executions and user activity across the network.

Previous Next

Once Cb Protection is configured to deliver events to EventTracker Manager; knowledge objects and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.

Scope

The configuration details in this guide are consistent with EventTracker version 8.x and later, Cb Protection Application Control for Servers & Critical Systems .

Documentation:

To configure Carbon Black(Cb) Protection to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide