The console main menu at the top of each page allows you to navigate to other console pages.
The menu is organized by logical task-groupings, and in most cases shows a submenu of choices when you move the mouse over one of the top-level labels. Clicking on an item in the main menu without making a submenu choice opens the page for the first item on the submenu. A blue bar appears under the currently active menu item.
Section |
Description |
---|---|
<servername> |
The server name is always shown in the menu bar. UNIFIED MANAGEMENT: If Unified Management is enabled, the name dropdown provides a shortcut to Unified Management configuration and access to other servers by the management server. See Unified Management of Multiple Servers for more details. |
Home |
By default, the console displays the Home page when you log in. Clicking Dashboards>Home Page in the console menu returns to this page from other pages. The Home Page provides quick access to information about files, events, computers, and licenses. It also lets you change the policy of a computer or initiate a network-wide lockdown if needed. The Home Page is a dashboard that you can customize to deliver different information in different forms. A dropdown menu on the Home Page lists other dashboards to which you have access.See Using and Customizing Dashboards for more details. You can change the page that appears first when you log in to the console. See Preference Settings for Console Users. |
Reports |
Events are messages resulting from activities monitored by or related to App Control. On the Events page, Saved Views provide custom reports for certain types of events, and you can filter any view to create your own report. Events include files blocked, unapproved files executed, and system changes made by console users. For file-related events, you can link directly from an event to the file details. See Event Reports. Cached Events displays a subset of events that a user has chosen to cache for faster display. See Caching Events for Later Viewing. Dashboards displays the Dashboard List page. A dashboard displays information about your App Control installation and the assets it manages through a series of “portlets.” You can drill down for more details about files, computers, events and alerts. The Home Page is a special dashboard. Users can create and optionally share their own dashboards and portlets. See Using and Customizing Dashboards |
Baseline Drift displays a page with two tabs:
See Monitoring Change: Baseline Drift Reports External Notifications displays notifications from network security devices, such as those from Palo Alto Networks. If a notification references files or computers shown in your endpoint data, you can correlate data from the two sources. See App Control Connector |
|
Assets |
Computers shows a table of computers managed by your server. You can filter the table of computers by various categories. For the computers in the table, you can change the security policy to apply and also temporarily put the computer into Local Approval mode. See Managing Computers Filesdispl ays two tabbed lists of files on your App Control-managed computers:
In addition, you can use the Saved Views menu to further specify the files you want to see. Views include Banned Files, New Unapproved Files, Malicious Files, Categorized Files, and Installed Programs. Platform Note: Installed Programs shows Windows programs only. You can use custom filters on the Files page to locate specific files and ban or approve them (locally or globally) as appropriate. See Viewing File Tables . Applications shows two tabbed lists of applications detected on Carbon Black App Control computers reporting to your server:
Devices displays two tabbed lists of removable devices detected on Windows and Mac computers reporting to your server:
You can globally approve a device so that client computers can access files on it when other devices are restricted. You can ban a specific device so that files on it are never allowed to execute. See Managing Devices Platform Note: Device discovery and control are currently available on Windows and Mac agents. |
Rules |
Policies shows the table of existing policies (named sets of security rules) and allows you to edit these policies or create new ones. It also provides a link to the App Control Agent download page. Each policy automatically generates its own agent installation file when created. The installation file used for an agent determines the initial policy for that computer, but computers can be moved to another policy or deleted from the policy when retired from service. See Creating and Configuring Policies A Mappings tab is added to the Policies page if Active Directory (AD) integration with the App Control Server is enabled on the System Configuration page, and the Carbon Black App Control Server and an AD server inhabit the same AD Forest. Clicking this tab opens the Active Directory Policy Mappings page, where you can set rules by which computers running the Carbon Black App Control Agent are assigned to policies according to one of the AD groups the computer (or its user) belongs to. See Assigning Policy by Active Directory Mapping. Notifiers displays the table of existing blocked file or action notifiers that can be associated with policies and their settings. You can add, delete, and modify notifiers on this page. Notifiers can be configured to appear on an endpoint running the App Control Agent when an action is blocked on that endpoint. See Endpoint Notifiers and Approval Requests Software Rules displays several categories of Carbon Black App Control rules for approving or banning files and controlling access to computer functions. Each tab shows existing rules, and may allow editing, deleting, creating, and/or enabling or disabling of rules:
Event Rules displays the Event Rule table. Event rules specify an action to be performed when an event matches filters you define. Indicator Sets displays the Indicator Set table. An Indicator Set is a group of advanced threat detection rules that can be enabled to increase the visibility of suspicious activities. |
Tools |
Meters enable you to monitor the number of executions of files you specify, and the users and computers executing them. Alerts provide notifications in the console and via email when certain conditions occur. Alerts can be made policy-specific. Find Files enables you to locate all instances of an executable file on computers running the Carbon Black App Control Agent on your network. You can make similar searches from the Files page using filters, but Find Files is pre-configured for this purpose. Approval Requests displays a list of file approval requests received from users on computers running the Carbon Black App Control Agent. Requests are created when a user is blocked from a file action and requests that the file be approved. The Approval Requests page shows request status along with information about the file and the requester. Requested Files displays a page with three tabs, each of which is a table of files. The tabs are: Uploaded Files – Shows the list and the status of files that a user requested to be uploaded to the server from an agent computer. Analyzed Files – Shows the list and the status of files that a user or rule requested to be sent to an external device for analysis. Diagnostic Files – Shows the list and the status of diagnostic files that a console user requested to be uploaded to the server from an agent computer. |
Settings |
Login Accounts displays the Login Accounts page for creating and managing users of the console. Note that login accounts are not needed for the users of computers running the Carbon Black App Control Agent. System Configuration provides access to pages for tasks including the server configuration; managing log files; securing communications with agents; configuring backups; downloading software updates; and configuring optional Carbon Black App Control services, including integration with Active Directory. System configuration features are available only to administrator-level login accounts. System Health displays the System Health page, which provides a summary of the state of factors affecting the operation of this Carbon Black App Control Server plus more detailed information about specific factors, such as compliance with the operating environment requirements for a server. Update Agent/Rule Versions displays the drag-and-drop interface for updating agent installation packages and their associated rules on the server. See Uploading Agent Installers and Rules to the Server for more information. |
Help (i) |
Clicking Help or the information button in the main console menu displays the home page for Carbon Black App Control help in a separate browser window. To go directly to information about the page you are on, click the blue question mark button next to the page title. |
<username> |
The name of the currently logged in user is shown on the far right of the menu bar and provides a menu with two choices: User Settings enables each user (including ReadOnly users) to change their password, choose the first page seen upon login, determine the default number of rows on table pages, enable resizable columns, and specify whether the console maintains customizations to a page between visits. Logout logs the user out of the Carbon Black App Control Console. |