Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
- Mac OSX: All Supported Versions
- Linux: All Supported Versions
Question
Can the CBC sensor capture events around when a user would input credentials into any domain, or phishing sites, etc.?
Answer
Currently the CBC product does not log that level of detail. At best, you can see a browser making a network connection to a domain. However, the CBC sensor does not:
- Know whether or not the domain/site is a phishing site or legit
- Know if a userr submitted anything to the site
- Know if that submission contained credentials