VMware Carbon Black

VMware Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals to shift the balance of power back to security teams. Only VMware Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. VMware Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. VMware Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose VMware Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.

Integrations

VMware Carbon Black EDR

The integration between ThreatConnect and Carbon Black Response allows users to take IOCs identified by ThreatConnect that meet a specified threat rating and send file hashes and IPs back to Carbon Black Response for action. Once ThreatConnect sends the IOC, Carbon Black Response correlates the intel from ThreatConnect with the data collected from the endpoints and automatically takes action based on whether any correlations (or hits) are found. The integration allows users to instantly hunt for targeted IOCs they were tracking in ThreatConnect across Carbon Black Response’s extensive network of endpoints. When a hit occurs, the full context of each hit, including associated threats, past observations or incidents, and community insight, is accessible to the analyst via ThreatConnect. With the Playbooks Apps, users can automatically take the following actions:

  • Ban MD5 Hash
  • Create File on Sensor
  • Create Watchlist
  • Delete File on Sensor
  • Isolate Sensor
  • Unisolate Sensor
  • Kill Process by Sensor
  • Retrieve All Processes on Sensor
  • Retrieve File by MD5
  • Retrieve File Info by Sensor
  • Retrieve File from Sensor
  • Retrieve Process Info by Search
  • Retrieve Sensor by ID
  • Retrieve Watchlist by ID
  • Retrieve Watchlist by Name
  • Update Watchlist by ID

This app can be found in the ThreatConnect App Catalog under Carbon Black Response.


Built By ThreatConnect

Playbooks

CarbonBlack Playbook

This Playbook template allows you to deploy a Yara rule to Carbon Black's Yara Manager. The Playbook uses a User Action Trigger, which presents a button on the Details page of Signature groups. When pressed, it gathers the contents of the Signature and copies them via SCP over SSH to the host running the Yara Manager. SSH is required because there is currently no API endpoint for uploading Yara rules.

This app can be found in the ThreatConnect App Catalog under the name: Deploy Yara Rule to CarbonBlack
