Articles in this section

See more

SkyFormation for CB (Carbon Black) Defense Connector Overview

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

For more information about CB Defense, please visit:
https://www.carbonblack.com/products/cb-defense/
  

Connector's API/Audit Sources & Events Supported

Audit Source (API) Service/Module Covered Event Included
Events  

Query the CB Defense datastore for information on individual endpoint events for enrichment.

 Retrieves all notifications and alerts with Event Types:

  • “NETWORK”
  • “FILE_CREATE”
  • “REGISTRY_ACCESS”
  • “SYSTEM_API_CALL”
  • “CREATE_PROCESS”
  • “DATA_ACCESS”
  • “INJECT_CODE”


Every retrieved event contains a field "alertScore". 

  • If alertScore  < 3 - the event is considered as notification
  • Events with higher scores are considered as alerts.

For more information, please refer to:
https://developer.carbonblack.com/reference/psc/cb-defense/latest/rest-api/
Audit Log Events  

Audit log notifications. Event example 

  • Log in attempts by users
  • Updates to connectors
  • Creation of connectors


How to add CB Defense Connector to SkyFormation app

Adding SkyFormation for CB Defense connector

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.