This is your guide to day-to-day administration and security monitoring tasks: monitoring executable files on your network using Carbon Black App Control; configuring the Carbon Black App Control Server; managing computers running the Carbon Black App Control Agent; and managing Carbon Black App Control Console users.
This guide covers the following:
| Section | Description |
|---|---|
| | Describes the Carbon Black App Control architecture, key management concepts, and operation strategies. |
| | Describes how to log in to the system and navigate to features using the Carbon Black App Control Console. It includes descriptions of common menus and buttons. |
| | Describes how to create, manage, and delete login accounts. Also describes the role-based access privileges of different types of user accounts, and how to use Active Directory accounts as Carbon Black App Control Console accounts. |
| | Describes how to configure, deploy, and install the Carbon Black App Control Agent. Also describes how to get information about managed computers. |
| | Describes policies, which define the protections for groups of computers; includes policy settings, Enforcement Levels, and how to change them. |
| | Describes special considerations for managing virtual machines created from template computers. |
| | Describes where and how you get information about files seen by agents reporting to your Carbon Black App Control Server. Includes descriptions of the detailed global and local file state information provided by the server. Also describes information provided about publishers and applications discovered and inventoried by Carbon Black App Control. |
| | Describes different methods of approving and banning files, and when to use them. |
| | Describes how to use the Carbon Black App Control console to delete files from one or more endpoints. |
| | Describes how to use Carbon Black File Reputation trust settings to automatically approve files and publishers. |
| | Describes how to approve and ban files by approving or banning specific certificates associated with a publisher. |
| | Describes how to set up rules to control access to files on devices connected to computers. |
| | Describes how to add files to the list of those controlled by script rules. |
| | Describes how to create “custom rules” that affect what happens when there is an attempt to execute or write files at specified paths. Also describes how to export rules from one server and import them to another. |
| | Describes how to create rules that affect what happens when there is an attempt to modify the Windows Registry at specified paths. |
| | Describes how to create rules that affect what happens when there is an attempt by one process to access or alter another process. |
| | Describes the expert interface to Custom, Registry, and Memory Rules. This interface is for use in consultation with Carbon Black Support or Services only. |
| | Describes how to enable and configure sets of rules that can be used to accomplish tasks such as application optimization, operating system and application hardening, and approval of files delivered by software distribution systems. |
| | Describes how to create rules that take an action when specified events are reported to the Carbon Black App Control Server. |
| | Describes how blocked file notifiers work on agent computers and describes how to customize notifiers. Also describes configuration and management of approval requests from users. |
| | Describes how to carry out day-to-day monitoring operations. Instructions include how to use Carbon Black App Control reports and events to identify changes in network file activity and respond appropriately. Also describes how to set up email alerts for Carbon Black App Control-monitored activity, and how to meter execution of specific files. |
| | Describes how to use the Baseline Drift Report feature to monitor change in file inventory over time. |
| | Describes Carbon Black App Control’s advanced threat indicators, which can be used to detect threatening or suspicious activity on systems reporting to your server. |
| | Describes special graphic display pages, called Dashboards, that summarize key information about managed computers and the files on them. |
| | Describes the Find Files feature, which can locate specific executable files on computers running the agent on your network. |
| | Describes configuration settings, including integration with other servers (including VMware Carbon Black EDR), backup procedures, product update procedures, optional CB Reputation hash-identification services, agent-server communication security, and other configuration options. |
| | Describes the Unified Management features that allow one Carbon Black App Control Server to control many common management functions on multiple servers. |
| | Describes the System Health page, which provides information about factors that affect the health of your Carbon Black App Control environment, including compliance with the hardware and software requirements, SQL Server configuration, and other health and performance data. |
| | Describes the set of available read-only views into the "live inventory" database of files on your managed computers. |
| | Describes the Carbon Black App Control API, a RESTful API that may be used to write code to interact with Carbon Black App Control, either using custom scripts or from other applications, including network security platforms. |
| | Describes the optional, separately licensed connector for integrating third-party network security devices (Palo Alto Networks) with Carbon Black App Control. |
| | Describes how to upload and access agent diagnostic files. Also describes server diagnostic files available through the console. |
| | Describes the optional, separately licensed features for uploading files from agents to the server. |
| | Describes the optional, separately licensed features for sending endpoint data collected by the Carbon Black App Control Server to external analysis tools such as Splunk. |