You can explore XDR and netconn data in the Carbon Black Cloud Console.
You can view and investigate XDR and netconn data in various ways. For example:
- The Process Analysis page displays additional information about certain netconns (protocol, timestamps, and headers).
- The Alert Triage page includes network nodes that highlight IDS-specific netconns.
- MITRE ATT&CK Tactics and Techniques are available on the Alert, Alerts Triage, Observations, and Process Analysis pages. You can use these fields to filter and search on the Processes page as well.
Note: MITRE ATT&CK is not specific to XDR. Any Carbon Black Cloud instance will display this information.
- You can use the Configure Table option to build process-centric and network-centric views.
- An Application Protocol filter is available on the Alert, Observations, and Processes pages.
- You can build Watchlists from reported netconn data.
See the following topics for more details.