IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

CB Response 7.1 User Guide

CB Response 7.1 User Guide

Important: This documentation is being posted before general availability of this release. Please monitor the User Exchange for the release notice.

Note: This document applies to all 7.1 versions.

The CB Response 7.1 User Guide is written for both the cloud and on-premises editions of CB Response. It provides information for administrators and for members of Security Operations Center (SOC) and Incident Response (IR) teams who are responsible for setting up and maintaining security for endpoints and networks, as well as assessing potential vulnerabilities and detecting advanced threats. This document includes information about the following topics:

  • Console user accounts and using the console
  • Sensors and sensor groups
  • Server certificate management
  • Incident response
  • Process and binary search and analysis
  • Threat intelligence feeds
  • Investigations
  • Watchlists and alerts

See the Comments section for a brief summary of changes to this document since the previous edition.

Labels (2)

Change log for CB Response 7.1 User Guide (changes since the 7.0 version)

  • In the “Watchlists” chapter, the create watchlist flow is changed. Users now choose the number of days to run the watchlist on existing data.
  • In the “Ingress Filtering” chapter, the new ingress filtering feature is documented.
  • In the “Netconn Metadata” chapter, the new TLS fingerprinting feature is documented.
  • In the “Configuring the Event Forwarder” chapter, the new Event Forwarder console feature is documented.
  • In the “Process Search and Analysis” chapter, the Logon type now displays on the Process Search page.
  • Created and inserted new screenshots to match updated console pages throughout the User Guide.
  • In the “Console and Email Alerts” chapter, Report ID is changed to Report Name on the Triage Alerts page.
Article Information
Creation Date: