Environment

• Carbon Black Cloud:  All products

Question

Answer

1. Search for the CVE on the Vulnerability page to determine if the vulnerable software, noted in the CVE, is present on the network.  (See Additional Notes below to understand what is normally included.)
2. If the CVE search does not provide results, then the vulnerable software may not be present in the network or it may be uncommon third-party software that CBC does not track.

• To validate, scan the network for the known affected software configuration using Live Query or a third-party tool.
• If the vulnerable software noted in the CVE is found, then consider:

• If the vulnerable software noted in the CVE is not found on the network, a watchlist could be created to report its presence in the future based on the environment's security posture.  This may require watchlist maintenance in the future.

Additional Notes

• The following CVEs are normally included in CBC:
  • Windows Operating Systems CVEs are normally included. 
  • Limited Linux and OSX Operating System coverage are included.
  • Major third-party CVEs are most likely included.  (i.e. Adobe Reader, etc)
• Other third-party software may not be included.
  • Check nvd.nist.gov for the CVE.
  • Check the “Known Affected Software Configuration” section.   
• Open a Support case if additional help is required.

Related Content

• CB ThreatHunter: How to build a custom watchlist from the Investigate page
• Does Carbon Black Protect Against This "Named Threat?"
• Critical Vulnerabilities and Perspective