The console main menu at the top of each page allows you to navigate to other console pages.

The console main menu

The menu is organized by logical task-groupings, and in most cases shows a submenu of choices when you move the mouse over one of the top-level labels. Clicking on an item in the main menu without making a submenu choice opens the page for the first item on the submenu. A blue bar appears under the currently active menu item.

Table 1. Console Main Menu Choices

Section

Description

<servername>

The server name is always shown in the menu bar.

UNIFIED MANAGEMENT: If Unified Management is enabled, the name dropdown provides a shortcut to Unified Management configuration and access to other servers by the management server. See Unified Management of Multiple Servers for more details.

Home

By default, the console displays the Home page when you log in. Clicking Home in the menu bar returns to this page from other pages.

The Home Page provides quick access to information about files, events, computers, and licenses. It also lets you change the policy of a computer or initiate a network-wide lockdown if needed.

The Home Page is a dashboard that you can customize to deliver different information in different forms. A dropdown menu on the Home Page lists other dashboards to which you have access. See Using and Customizing Dashboards for more details.

You can change the page that appears first when you log in to the console. See Preference Settings for Console Users.

Reports

Events are messages resulting from activities monitored by or related to App Control. On the Events page, Saved Views provide custom reports for certain types of events, and you can filter any view to create your own report. Events include files blocked, unapproved files executed, and system changes made by console users. For file-related events, you can link directly from an event to the file details. See Event Reports.

Cached Events displays a subset of events that a user has chosen to cache for faster display. See Caching Events for Later Viewing.

Dashboards displays the Dashboard List page. A dashboard displays information about your App Control installation and the assets it manages through a series of “portlets.” You can drill down for more details about files, computers, events, and alerts. The Home Page is a special dashboard. Users can create and optionally share their own dashboards and portlets. See Using and Customizing Dashboards.

Baseline Drift displays a page with two tabs:

  • The Baseline Drift tab shows any available reports that analyze the “drift” from a specified baseline file inventory, allows you to run the reports, and allows you to create and configure new reports.
  • The Snapshot tab on the Baseline Drift page shows any named file lists, called “Snapshots,” that you have created for use in baseline drift analysis. There are several places in the console from which you can create a Snapshot.

See Monitoring Change: Baseline Drift Reports.

External Notifications displays notifications from network security devices, such as those from Palo Alto Networks. If a notification references files or computers shown in your endpoint data, you can correlate data from the two sources. See App Control Connector.

Assets

Computers shows a table of computers managed by your server. You can filter the table of computers by various categories. For the computers in the table, you can change the security policy that applies and also temporarily put the computer into Local Approval mode. See Managing Computers.

Files displays two tabbed lists of files on your App Control-managed computers:

  • File Catalog is a list of all unique files that have been discovered by agents reporting to your Carbon Black App Control Server.
  • Files on Computers is a list of all instances of tracked files discovered by agents reporting to your Carbon Black App Control Server.

In addition, you can use the Saved Views menu to further specify the files you want to see. Views include Banned Files, New Unapproved Files, Malicious Files, Categorized Files, and Installed Programs.

Platform Note: Installed Programs shows Windows programs only.

You can use custom filters on the Files page to locate specific files and ban or approve them (locally or globally) as appropriate.

See Viewing File Tables.

Applications shows two tabbed lists of applications detected on Carbon Black App Control computers reporting to your server:

  • Application Catalog is a table of all unique applications that have been discovered by computers reporting to your server.
  • Applications on Computers is a list of all instances of applications on computers reporting to your server.

See Application Information.

Devices displays two tabbed lists of removable devices detected on Windows and Mac computers reporting to your server:

  • Device Catalog has two views. One is a list of all unique device models that have been discovered by agents on computers reporting to your Carbon Black App Control Server; the other lists all instances (i.e., unique serial numbers) found.
  • Devices on Computers is a list of all unique attachments, which are defined as pairings of one computer and one device.

You can globally approve a device so that client computers can access files on it when other devices are restricted. You can ban a specific device so that files on it are never allowed to execute. See Managing Devices.

Platform Note: Device discovery and control are currently available on Windows and Mac agents.

Rules

Policies shows the table of existing policies (named sets of security rules) and allows you to edit these policies or create new ones. It also provides a link to the App Control Agent download page.

Each policy automatically generates its own agent installation file when created. The installation file used for an agent determines the initial policy for that computer, but computers can be moved to another policy or deleted from the policy when retired from service. See Creating and Configuring Policies.

A Mappings tab is added to the Policies page if Active Directory (AD) integration with the App Control Server is enabled on the System Configuration page, and the Carbon Black App Control Server and an AD server are in the same AD Forest.

Clicking this tab opens the Active Directory Policy Mappings page, where you can set rules by which computers running the Carbon Black App Control Agent are assigned to policies according to one of the AD groups the computer (or its user) belongs to. See Assigning Policy by Active Directory Mapping.

Notifiers displays the table of existing blocked file or action notifiers that can be associated with policies and their settings. You can add, delete, and modify notifiers on this page. Notifiers can be configured to appear on an endpoint running the App Control Agent when an action is blocked on that endpoint. See Endpoint Notifiers and Approval Requests.

Software Rules displays several categories of Carbon Black App Control rules for approving or banning files and controlling access to computer functions. Each tab shows existing rules, and may allow editing, deleting, creating, and/or enabling or disabling of rules:

  • The Updaters tab lists updaters available to your server. Enabling an updater for a program or set of programs permits end-users to install application updates when they become available for download via the application update program.

    Platform Note: Updaters are platform-specific.
  • The Rapid Configs tab lists sets of rules that can be used to accomplish tasks such as application optimization, OS and application hardening, and approval of files delivered by software distribution systems.

    Platform Note: Rapid Configs are platform-specific.
  • The Publishers tab lists software vendors for which Carbon Black App Control can confirm one or more valid digital certificates. Publishers can be approved or banned through this page.
  • The Users tab lists users or groups trusted with permission to install files on any computer they log into with their credentials.
  • The Directories tab lists authorized approval directories in which all software is approved.
  • The Files tab lists individual file approvals and bans.
  • The Custom tab lists custom rules, such as rules specifying how and where files are allowed to execute or write, and whether a file is tracked by App Control.
  • The Memory tab lists Carbon Black App Control rules controlling retrieval of information about, modification of, and execution (or termination) of specified processes.

    Platform Note: This feature applies to Windows agents only.
  • The Registry tab lists Carbon Black App Control rules controlling creation, modification, and editing in the Windows Registry.

    Platform Note: This feature applies to Windows agents only.
  • The Scripts tab lists rules that define which files are tracked and controlled as scripts in Carbon Black App Control.
  • The Reputation tab appears if Carbon Black File Reputation is enabled on the System Configuration/Licensing page. Reputation-based file and publisher approvals can be enabled and disabled on this tab.

Event Rules displays the Event Rule table. Event rules specify an action to be performed when an event matches filters you define.

Indicator Sets displays the Indicator Set table. An Indicator Set is a group of advanced threat detection rules that can be enabled to increase the visibility of suspicious activities.

Tools

Meters enable you to monitor the number of executions of files you specify, and the users and computers executing them.

Alerts provide notifications in the console and via email when certain conditions occur. Alerts can be made policy-specific.

Find Files enables you to locate all instances of an executable file on computers running the Carbon Black App Control Agent on your network. You can make similar searches from the Files page using filters, but Find Files is pre-configured for this purpose.

Approval Requests displays a list of file approval requests received from users on computers running the Carbon Black App Control Agent. Requests are created when a user is blocked from a file action and requests that the file be approved. The Approval Requests page shows request status along with information about the file and the requester.

Requested Files displays a page with three tabs, each of which is a table of files. The tabs are:

  • Uploaded Files – Shows the list and the status of files that a user requested to be uploaded to the server from an agent computer.
  • Analyzed Files – Shows the list and the status of files that a user or rule requested to be sent to an external device for analysis.
  • Diagnostic Files – Shows the list and the status of diagnostic files that a console user requested to be uploaded to the server from an agent computer.

The Configuration Settings icon

(configuration)

Login Accounts displays the Login Accounts page for creating and managing users of the console. Note that login accounts are not needed for the users of computers running the Carbon Black App Control Agent.

System Configuration provides access to pages for tasks including the server configuration; managing log files; securing communications with agents; configuring backups; downloading software updates; and configuring optional Carbon Black App Control services, including integration with Active Directory. System configuration features are available only to administrator-level login accounts.

System Health displays the System Health page, which provides a summary of the state of factors affecting the operation of this Carbon Black App Control Server plus more detailed information about specific factors, such as compliance with the operating environment requirements for a server.

Update Agent/Rule Versions displays the drag-and-drop interface for updating agent installation packages and their associated rules on the server. See Uploading Agent Installers and Rules to the Server for more information.

The Help icon

(help home page)

Clicking the blue question mark button in the main console menu displays the home page for Carbon Black App Control help in a separate browser window. To go directly to information about the page you are on, click the black question mark button next to the page title.

<username>

The name of the currently logged-in user is shown on the far right of the menu bar and provides a menu with two choices:

User Settings enables each user (including ReadOnly users) to change their password, choose the first page seen upon login, determine the default number of rows on table pages, enable resizable columns, and specify whether the console maintains customizations to a page between visits.

Logout logs the user out of the Carbon Black App Control Console.