
CB Response 7.0 User Guide


Important: This documentation is being posted before general availability of this release. Please monitor the User Exchange for the release notice.

The CB Response User Guide is written for both the cloud and on-premises editions of CB Response. It provides information for administrators and for members of Security Operations Center (SOC) and Incident Response (IR) teams who are responsible for setting up and maintaining security for endpoints and networks, as well as assessing potential vulnerabilities and detecting advanced threats. This document includes information about the following topics:

  • Console user accounts and using the console
  • Sensors and sensor groups
  • Server certificate management
  • Incident response
  • Process and binary search and analysis
  • Threat intelligence feeds
  • Investigations
  • Watchlists and alerts

See the Comments section for a brief summary of changes to this document since the previous edition.

Comments

"VMware Carbon Black EDR Windows Sensor v6.2.5 is intended to provide improvements to Windows memory dumps, capturing of the logon type for Windows process executions"

Where is this logon type information visible? Is there a corresponding field name for searching?

@gorlando
I had the same question as @sandrobeffa. Where are these logon types found?

@gorlando I'd be interested in those "logon type" details as well!

Hi,

VMware Carbon Black EDR Windows Sensor v6.2.5 provides

"Tamper Hardening Improvements - The v6.2.5 Windows sensor provides additional Tamper Hardening. [CB-26653]"

How do these tamper hardening improvements work?

Our customer was recently attacked in an attempt to stop/remove CbR. We want to know whether this version will help.

Where can I search for information on CB-26653?

Regards,

Narumit W.

If anyone is trying to download this sensor today, you will need to update your CarbonBlack.repo baseurl to the following:

https://yum.distro.carbonblack.io/enterprise/7.1.0-1/$basearch/

We redirect yum internally here. Where can I find the rpm for the latest CB EDR agent?

Article Information
Creation Date: 01-29-2020
Views: 2504