Announcing General Availability of Cb Response 6.1
Carbon Black is announcing General Availability of a new version of its market-leading incident response and threat-hunting solution, Cb Response 6.1. This release completely reinvents the back-end architecture and front-end UI of the product.
Cb Response now scales to the largest of enterprises, supporting 150,000 endpoints per cluster built on a new, innovative system architecture. Performance is markedly faster. Storage is also decoupled from processing. If you want to keep your data longer, just add disks, not servers. The improved scaling marks a 3X improvement over previous versions, something our team, our customers, and prospects around the world are very excited about.
On the front-end, the new UI streamlines workflows, improves ease of use and creates a better overall analyst experience.
The new release is available now. Please check for upgrade instructions.
***Update 5/25: Please check out the for known issues and knowledge base articles that have been generated since GA. These docs will help out as you get started with 6.1. Thanks!
**Note: There are two scenarios under which we recommend that you delay upgrade. See below for more details.
The following is an quick overview of the prominent features included in 6.1.
Dramatic Scalability Enhancements
3x Increase in Endpoints per Server/Cluster
18,750 EPs per Server
Improved speed of search and analysis results
Quicker connections with Cb Live Response and endpoint isolation
Faster visibility into sensor data from your endpoints
Improved Console For Better Analyst Experience
New UI built around a new ‘Heads Up Display’:
Provides the most relevant information upon logging into the console
Customization allows you to focus on the information you care about
Power Command Line Parsing:
Enhanced tagging of command line activity for faster searching of metadata
Construct detailed searches on cmdline that were not possible before.
New Process-Timeline View:
See spikes in specific activity-types to note anomalies for deeper investigation
Quickly pivot to a specific timeframe when correlating alerts from other systems
Visual query builder for easier search construction and search editing
Enhanced, customizable filtering
Saved Searches build a personalized repository of queries for instant recall
A dramatically enhanced Watchlists page
Improved metrics highlight hit-based performance for better Watchlist curation
Configure expiration of Watchlists based on performance
Deployment Details The release is now available now on YUM. Please check for details on how to install/upgrade and for new versions of product documentation.
If you are a Cb Response Unified View user, we recommend that you delay upgrade to 6.1. The 5.x version of Unified View is not compatible with 6.1. We are working to have a 6.1 version of Unified View available soon. We will announce availability via a post to the User Exchange (targeting Mid June).