Carbon Black Cloud: Does the CBC sensor capture events around user input credentials in any domain?

Carbon Black Cloud: Does the CBC sensor capture events around user input credentials in any domain?

Environment

  • Carbon Black Cloud Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Mac OSX: All Supported Versions
  • Linux: All Supported Versions

Question

Can the CBC sensor capture events around when a user would input credentials into any domain, or phishing sites, etc.?

Answer

Currently the CBC product does not log that level of detail. At best, you can see a browser making a network connection to a domain. However, the CBC sensor does not:
- Know whether or not the domain/site is a phishing site or legit
- Know if a userr submitted anything to the site
- Know if that submission contained credentials

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-03-2021
Views:
84
Contributors