Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

How to automate and simplify Cb Protection (Bit9) administration

How to automate and simplify Cb Protection (Bit9) administration

View this recorded webcast on automating security with the Cb Protection, led by Tim Smith, Product Manager - Cb Protection. This session covers the value of automation within Protection for both you as the Admin, as well as the end user. The webcast takes a closer look at the automation capabilities of the Cb Protection for the following use cases:

  • Stop and prevent malware execution
  • System lockdown
  • Analyze unknown and ‘gray’ files
  • Process approval requests
  • Update security policies

https://community.carbonblack.com/t5/Best-Practices/Customer-Webcast-How-to-Automate-Simplify-Admini...

 

 

Labels (1)
Attachments
Comments

I was glad to see these covered in the presentation. I think they are among the first thing I will do upon completion of my upgrade.

So I added AllowBanFromEventRules to Shepherd_Config but when I go back I do not see it.

Does it remain hidden after adding it?

Thanks,

Bob

You may want to try restarting the website.

By restarting the website, do you mean rebooting the server?  Anyway, we tried that and the option to ban is still grayed out.  Any thoughts?  Bob, were you successful?

Restarting IIS. But rebooting would achieve the same thing. Can you confirm that you added the correct param and value into Shepherd_Config.php?

So we're on the latest version of Bit9, but I don't see an event rule action for Analyze file. Is that another Sheperd_config.php configuration that we would have to do...???

Actions available when I create an event rule: Only change global file state, change global process state, change local file state, and move computer.

*Edit: I want to be able to have event rules for VirusTotal/connector analysis, then if clean approve the file(s).

If you have a connector to a file analysis service like FireEye, Checkpoint, or our own Cb Inspection, the "Analyze File" option will be available.

I figured. I tossed a ticket in to get CB inspection details to setup/configure. If sharing here is acceptable, please do so and I can configure those items.

Is this presentation still relevant with the current version of CB Protection?  The link "https://attendee.gotowebinar.com/recording/1730397476336388865" appears to be dead.

No problem - thanks for digging it up for me!  :D

Cb Protect Friends,

May be obvious at this point but I noticed in Cool_Breeze initial post that the spelling is incorrect so please confirm details are as follows. If you attempt to enter this with misspelling then you will get an error saying property cannot be found.

Defined Properties:New Property

New Property Name: AllowBansFromEventRules

Property Value:true

 Best, Bill

Article Information
Author:
Creation Date:
‎11-03-2015
Views:
9570
Contributors