Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response 6.2.4 User Guide

Cb Response 6.2.4 User Guide

The Cb Response 6.2.4 User Guide is written for both the cloud and on-premises editions of Cb Response. It provides information for administrators and for members of Security Operations Center (SOC) and Incident Response (IR) teams who are responsible for setting up and maintaining security for endpoints and networks, as well as assessing potential vulnerabilities and detecting advanced threats. This document includes information about the following topics:

  • Console user accounts and using the console
  • Sensors and sensor groups
  • Incident response
  • Process and binary search and analysis
  • Threat intelligence feeds
  • Investigations
  • Watchlists and alerts

 See the Comments section below for a brief summary of changes to this document since release 6.2.3.

Note: This document is being posted prior to on-premises server availability and cloud upgrade. Please monitor the User eXchange for the official release of this version.

Labels (2)

Change log for the November 2018 Cb Response 6.2.4 User Guide:

  1. The chapters "Managing User Accounts for On-Premise Servers" and "Managing User Accounts for Cloud Servers" have been significantly modified for this release. They have been updated to describe changes in this release to the privileges needed to access Cb Response features. The chapters also provide more information about user accounts and teams than previous documentation versions, and include some corrections.
  2. In the "Managing Sensors" chapter, corrected the description of Total Sensor Count to indicate it is the number of installed sensors reporting to a server.
  3. In the "Watchlists" chapter, a new note points out that for each watchlist run, the number of matching events that are tagged is limited to 100 to prevent performance issues and eliminate the potential for excessive numbers of notifications.
  4. In the "Process Search and Analysis" chapter, new information indicates that Process event filters provide a further refinement of the data that is already on the Process Analysis page, not a new search.
Article Information
Creation Date: