Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Response 6.3.0 Unified View User Guide

CB Response 6.3.0 Unified View User Guide

This document describes how to use CB Response Unified View. It assumes you are familiar with the CB Response software. This document includes the following:

  • An introduction to Unified View concepts, architecture, and terminology
  • Unified View server requirements, and instructions for installing and configuring Unified View
  • Cluster management tasks in Unified View
  • Description of multi-cluster and single-cluster operation in Unified View
  • User management tasks for Unified View
  • Configuration settings for CB Response Unified View server.
  • Unified View actions you can perform on the command line

See the Comments section below for changes to this document.

Note: This document is being posted prior to release. Please monitor the User eXchange for the official release of this version.

Labels (1)
Attachments
0 Kudos
Comments

Change log for the April 2019 CB Response Unified View 6.3.0 User Guide :

  • In the "Installing a Unified View Server" chapter, the baseurl path given for CarbonBlackUnifiedView.repo was outdated. It has been updated to give the currently used path.

Change log for the March 2019 CB Response Unified View 6.3.0 User Guide (changes since the most recent 6.1.3 Unified View User Guide):

  1. In the "Installing a Unified View Server" chapter, the instructions in "Upgrading from an Earlier Release" have been modified to show different upgrade procedures depending upon the version you are upgrading from.
  2. In the "Managing Clusters" chapter, changes were made to the "Authentication Method (API Token)" to clarify where the tokens are copied from.
  3. In the "Operating Contexts" chapter, the section "Scope for Multi-cluster Searches" was modified to better describe how settings on the Unified View server and the CB Response servers being viewed affect user access to data and clusters. In addition, a new section, "Features Limited by User Permissions in Single-Cluster Context," was added to provide additional details on the impact of the new CB Response 6.3.0 permissions model.
  4. In the "Managing Users" chapter, extensive changes were made to describe how enhanced permissions in CB Response 6.3.0 affect users in Unified View. Other changes were made to clarify the use of API tokens for authentication of server connections.
  5. In the "Server Configuration Settings" chapter, the cb.conf setting ManageIptables has been changed to ManageFirewall in Unified View 6.3.0, and the documentation was changed accordingly.
  6. Also in the "Server Configuration Settings" chapter, a description was added for a new setting, ShowGdprBanner, which controls whether a red banner appears on the console, indicating that the Unified View server is viewing EU instances and therefore data sharing should be handled with extra care.
Article Information
Author:
Creation Date:
‎03-22-2019
Views:
1815
Contributors