
Cb Protection v8.1.0 User Guide


Document Version: 8.1.0 (August 2018)

This document provides information for administrators, incident responders, and others who will operate the Cb Protection Console. It describes how to use Cb Protection, including:

  • How to use the Cb Protection Console
  • Server configuration
  • Agent installation
  • Computer and file management
  • Rule creation
  • Monitoring features

See the "Before you begin" chapter for a complete list of topics discussed in the document.


See the Comments below for changes in this version.



Change log for the October 2018 Cb Protection 8.1.0.b User Guide (changes for Patch 2):

  1. In the "Using the Cb Protection Console" chapter, made the following changes:
    - Added a "Filter Shortcuts" section describing new filter shortcuts that automatically fill in some or all of the information in the Filters dialog, including column head and column cell filters.
    - Added a note about new drag-and-drop column rearrangement to the "Show Columns Options" section.
    - Updated the "Details Pages and Object Previews" section to note that details for some table rows can be shown by double-clicking the row itself.
  2. In the "Rapid Configs" chapter, added the following new or previously undocumented choices to the Rapid Configs table:
    - Cryptomining protection
    - Delivery optimization
    - Doppelganger protection
    - Microsoft SQL Server
    - Mimikatz protection
    - Powershell protection
    - Self-service approvals
    - WMI protection
  3. In the "Events, Alerts, and Meters" chapter, updated Table 84 to show the new "Subgroup by" option for the Events page and added a description of new sorting options for the "Group by" option. Also, in the "To customize and save an event report as a Saved View:" procedure, added a step to indicate that they can use subgroups.
  4. Other minor corrections and improvements were also made.


Change log for the August 2018 Cb Protection 8.1.0 GA User Guide (changes since latest 8.0.0 version):

  1. Added a "Deleting Files" chapter to describe the new file deletion feature in 8.1.0.
  2. In the "Managing Console Login Accounts" chapter, added a "Logging in Using SAML" section to describe the new SAML support in 8.1.0.
  3. In the "System Configuration" chapter, added a "Configuring SAML Logins" section to describe how to configure Cb Protection to allow SAML-based logins.
  4. In the "Uploading Files from Agents" chapter, added a "File and Path Information for Uploaded Files" section to describe new functionality that handles file uploads with non-ANSI characters in filenames or paths.
  5. In the "Unified Management" chapter, noted that if one server uses TLS 1.2 only, all UM servers should use TLS 1.2.
  6. In the "Rapid Configurations" chapter, noted that "Auto Detection" is an unused field on the Rapid Configuration page.
  7. In the "Managing Devices" chapter, added information indicating that beginning with Cb Protection Mac Agent 7.2.3 Patch 10, device management features work on Mac endpoints.
  8. Other minor corrections and improvements were also made.

I noticed there is no mention of FIPS as I am seeing events now related to that and I am wondering how to configure the settings.

mshubaly --

FIPS 140-2 support is announced in the Release Notes document. There is no configuration to be done, thus the lack of mention in this user guide. As I understand it, the 8.1.0 Windows agent (currently this is Windows-only) detects whether a host is in FIPS mode, and if it is, the agent runs in a FIPS-compliant way, transparently with the exception of the event. The event that determines whether the agent started in FIPS mode or not is listed in the new Events Guide (with minimal explanation, certainly).

I'm not the guy for deeper technical explanations if you need them -- in that case I'd recommend using the Ask a Question About CB Protection link on the User eXchange home page. Hope this helps.
