ThreatConnect Marketplace
  • Apps
  • Playbooks
  • Apps
  • Playbooks
Home » Apps Overview » VMware Carbon Black EDR
Back to Apps
Related Resources
  • Carbon Black Response - Blog

Categories:
  • Endpoint Detection and Response
Built by

ThreatConnect

VMware Carbon Black EDR

The integration between ThreatConnect and Carbon Black Response allows users to take IOCs identified by ThreatConnect that meet a specified threat rating and send file hashes and IPs back to Carbon Black Response for action. Once ThreatConnect sends the IOC, Carbon Black Response will then correlate the intel from ThreatConnect with the data that’s been collected from the endpoints and automatically take action based on if there are any correlations (or hits) found. The integration allows users to instantly hunt for targeted IOCs they were tracking in ThreatConnect across Carbon Black Response’s extensive network of endpoints. When a hit occurs, the full context of each hit – including associated threats, past observations or incidents, and community insight – is accessible to the analyst via ThreatConnect. With the Playbooks Apps, users are automatically able to take the following actions:

  • Ban MD5 Hash
  • Create File on Sensor
  • Create Watchlist
  • Delete File on Sensor
  • Isolate Sensor
  • Unisolate Sensor
  • Kill Process by Sensor
  • Retrieve All Processes on Sensor
  • Retrieve File by MD5
  • Retrieve File Info by Sensor
  • Retrieve File from Sensor
  • Retrieve Process Info by Search
  • Retrieve Sensor BY ID
  • Retrieve Watchlist by ID
  • Retrieve Watchlist by Name
  • Update Watchlist by ID

This app can be found in the ThreatConnect App Catalog under Carbon Black Response.

Related Apps

Cybereason
Endpoint Detection and Response

With the Cybereason  integration, customers  have the ability to query both types of malops, isolate suspicious activities,...

SentinelOne
Endpoint Detection and Response

With the SentinelOne integration, users  have the ability to interact with agents, threats, hashes, exclusions and blocklist...

CarbonBlack Playbook
Endpoint Detection and Response

This Playbook template will allow you to deploy a Yara rule to Carbon Black's Yara Manager.

Developers

  • Knowledge Base
  • Training Site

Company

  • ThreatConnect
  • Contact Us
  • Blog
  • Twitter
  • Facebook
  • Linkedin

© Copyright - ThreatConnect Marketplace
Scroll to top