Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Inspection - User Guide

Carbon Black Inspection - User Guide

Document Version: January 2018

Overview

Cb Inspection (previously called “Cb Threat Intel File Analysis”) provides integrated analysis services from Carbon Black and its partners. Cb Response servers and Bit9 Servers can send files from the endpoints they monitor to Cb Inspection for analysis. Once a file is analyzed, the analysis results are sent back to the server that requested them.

The analysis includes executing Windows 32-bit and 64-bit PE executables in a sandbox environment. Analysis results also include all of the metadata available for the file from the Carbon Black platform components that have seen it.

Cb Inspection is supported on:

  • Cb Response versions 5.1.1 Patch 2 or later, and 5.2 or later
  • Bit9 Platform versions 7.2.1 and 7.2.2 or later

Minor updates were made to the January 2018 version of this document to correct typographic errors. The Cb Protection/Bit9 requirement for access to threatintel.bit9.com on port 443 was modified to indicate that this is outbound only.

Labels (2)
Attachments
Comments

Timing of this article could not better for me. However, I don't see Cb Threat Intel File Analysis feed under Threat Intelligence on my Cb Response server.

Do you happen to know the feed's URL by any chance, so I can add it manually?

Also I came across a post regarding Cb Threat Intel File Analysis Early Access Program. Does that mean it's not a fully production supported service yet?

Thanks

Alex

Hey Alex - got your email.  I'll get it over to the right people internally here.

For the group's benefit - the Early Access Program for File Analysis has now concluded.  We are officially in Controlled Distribution now, which is open to existing Cb Response and Cb Protection customers.  We are fully supporting the product now.  Anyone interested in this product should contact their Customer Success Manager or Account Manager to set up an evaluation.

Additionally - we are going to be pushing out the feed to all Cb Response customers in the next few days.  It will be empty, meaning it will contain zero reports, if you aren't a File Analysis customer.

Let me know if you have other questions.

Thanks,

Brent

Thanks for the info Brent. What is a File Analysis customer? We're a Protector & Responder customer.

Hey Alex -  This totally got lost in my inbox - sorry for the late response.  Cb File Analysis (which we are renaming to Cb Inspection) is a brand new add-on offering that brings detonation and static analysis services to your Cb Response and Cb Protection installations.  I'm in a meeting tomorrow with your Acct Mgr and Customer Success Mgr, so I'll make sure they have the info to get you set up.  Expect a followup soon.

Thanks

Brent

When will this be available for Cb Defense customers?

Article Information
Author:
Creation Date:
‎07-12-2016
Views:
7094
Contributors