We’re migrating product documentation to docs.vmware.com, starting with Carbon Black Cloud. Learn more.

CB Response 6.5 User Guide

CB Response 6.5 User Guide

Note: This document applies to all 6.5 versions.

The CB Response User Guide is written for both the cloud and on-premises editions of CB Response. It provides information for administrators and for members of Security Operations Center (SOC) and Incident Response (IR) teams who are responsible for setting up and maintaining security for endpoints and networks, as well as assessing potential vulnerabilities and detecting advanced threats. This document includes information about the following topics:

  • Console user accounts and using the console
  • Sensors and sensor groups
  • Server certificate management
  • Incident response
  • Process and binary search and analysis
  • Threat intelligence feeds
  • Investigations
  • Watchlists and alerts

Note: Beginning with this release, the User Guide is also available as online help in the CB Response Console.

See the Comments section for a brief summary of changes to this document since the previous edition.

Labels (2)
Attachments
0 Kudos
Comments

Change log for the September 2019 CB Response 6.5 User Guide (changes since the most recent 6.4 version):

  1. In the "CB Response Overview" chapter, the Data Flow table on p. 32 has been corrected to accurately describe sensor-server communication through a proxy.
  2. In the "Getting Started" chapter, the description of console menus has been updated to include the new User Guide choice on the Help menu.
  3. In the "Sensor Groups" chapter (p. 114), "Process Search and Analysis" chapter (p. 207), and "Advanced Search Queries" chapter (p. 242), the description of what was formerly called "Data Suppression" has been updated to reflect console changes that now show "Retention Maximization", which better describes the purpose and effect of this setting.
  4. In the "Responding to Endpoint Incidents" chapter, a new section describes the new ability to add "Isolation Exclusions" that allow an endpoint under isolation to reach specified IP addresses or URLs.
  5. In the "Advanced Search Queries" chapter, the description of ipaddr searches on p. 231 was updated to indicate that only a remote (destination) IP address is searchable.
  6. Other minor corrections and improvements were made throughout the document.
Article Information
Author:
Creation Date:
‎09-18-2019
Views:
2766