Applies To: Cb Protection Application Control for Servers & Critical Systems
Carbon Black Protection (Cb Protection), formerly Bit9, is an application control product that allows departments to monitor and control application execution on systems. The best aspect of Cb Protection is its ability to hash out and quickly locate executables on all workstations and servers.
EventTracker integrates Cb Protection logging through REST API and provides reports, knowledge objects and dashboards for all generated events. This helps tremendously searching for and weeding out known-bad and suspected-bad files from the network.
EventTracker Knowledge Pack for Cb Protection allows you to monitor the following components:-
Once Cb Protection is configured to deliver events to EventTracker Manager; knowledge objects and reports can be configured into EventTracker.
Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.
Reports
The configuration details in this guide are consistent with EventTracker version 8.x and later, Cb Protection Application Control for Servers & Critical Systems .
To configure Carbon Black(Cb) Protection to send logs to EventTracker, refer to the How-to Guide.
For more information please refer to the Integration guide