Carbon Black XDR is a consolidation of tools and data that provides extended visibility, analysis, and response across endpoints, workloads, users, and networks.

Carbon Black XDR focuses on adding network telemetry for XDR, and provides insight into network packets and processes.

For more information about XDR, see What is Extended Detection and Response (XDR)?

Overview of how VMware Carbon Black XDR works

Carbon Black XDR implements XDR for Carbon Black Cloud Enterprise EDR. This implementation requires the Carbon Black Cloud Windows Sensor 3.9.1 MR1+.

With Carbon Black XDR, you can visualize and analyze relevant network data. For example:

  • Signatures of network connections (JA3 and JA3S thumbprints)
  • Network intrusion detection
  • Security wrapper details (TLS data)
  • Signer of certificate (encryption - TLS data)
  • HTTP details