You can use the predefined widgets in the Carbon Black Cloud console to view the health of all objects, applications, and processes in your environment.

You can add and remove widgets from your dashboard, resize them, and export the displayed data.

Widget Name Description
Alerts A graphical representation of alerts within the specified time frame. Click the chart to access the Alerts page and view more details about the associated alerts.

The chart is available only when you select 3 hour, 1 day, or one week time frame. For all other time frames, including the custom, only the alert number is visible.
Critical Vulnerabilities on VMs The count of all VM workload vulnerabilities across operating systems (OS) and applications (apps). Click any OS or app to go to the Vulnerabilities > Product Vulnerabilities tab and view the filtered vulnerabilities data.
Endpoint Status The status of sensors on the endpoints. Click any status to go to the Endpoints page and view the deployed sensors that are in the selected state. Red text indicates that a sensor may require some action.
  • Active: Sensor checked in within the last 30 days.
  • Inactive: Sensor has not checked in within the last 30 days.
  • Quarantined: Sensor is isolated from affecting your network with malware or other suspicious activity.
  • Bypass: Sensor is not sending data to the cloud or is placed here temporarily during an update.
Getting Started An interactive widget to help you complete the basic onboarding tasks.
Threat Reports Allows you to search and view your recent threat reports.
  • Click Search for threat. It navigates you to the Investigate page. Here you can view the threat query and events in your environment.
  • Click Full report. It navigates you to the Threat Analysis Unit - Threat Intelligence Notification report by the Carbon Black's TAU team. It helps you to detect and prevent emerging threats.
Top Alerted Assets A list of the assets that have received the most alerts within the specified time frame.
Top Alerted Processes A list of processes that receive the most alerts within the specified time frame.
Note: Only the primary process reputation is used when calculating the total actions. Therefore, the counts in the widget can differ from the counts found on the Investigate page.
Total Prevented Actions A summary of malware within the specified time frame. This widget pulls total Observation counts from the Investigate page. Click any malware type to open the filtered Observation counts from the Investigate page.
Note: Only the primary process reputation is used when calculating the total actions. Therefore, the counts in the widget can differ from the counts found on the Investigate page.
  • Suspect Malware: Processes that could be a vessel for malware but do not have a reputation for malicious behavior. This includes MSBuild, InstallUtil, MSHTA.exe, and others.
  • Known Malware: Files identified as having no purpose other than performing malicious actions on the asset for the benefit of an attacker.
  • Non-Malware: Processes that were stopped due to your local banned list or malicious behavior, including dual-use files and tools. This includes the case where the reputation is executable (for example, a PowerShell or Winword.exe file), but it is behaving badly.
  • PUPs: The Potentially Unwanted Programs produce annoying results (delivering popup ads), but are sometimes used to deliver malware.
Total Prevented Actions - Alerts A summary of malware within the specified time frame. This widget pulls total alert counts from the Alerts page. Click any malware type to open the filtered alert counts from the Alerts page.
Note: Only the primary process reputation is used when calculating the total actions. Therefore, the counts in the widget can differ from the counts found on the Alerts page.
  • Suspect Malware: Processes that could be a vessel for malware but do not have a reputation for malicious behavior. This includes MSBuild, InstallUtil, MSHTA.exe, and others.
  • Known Malware: Files identified as having no purpose other than performing malicious actions on the asset for the benefit of an attacker.
  • Non-Malware: Processes that were stopped due to your local banned list or malicious behavior, including dual-use files and tools. This includes the case where the reputation is executable (for example, a PowerShell or Winword.exe file), but it is behaving badly.
  • PUPs: The Potentially Unwanted Programs produce annoying results (delivering popup ads), but are sometimes used to deliver malware.
VM Workloads Overview The state of sensors on the VM workloads. Click any status to go to the VM Workloads page and view the deployed sensors that are in the selected state.
  • Enabled: Sensor is enabled on the workload.
  • Not enabled: Sensor is not enabled on the workloads.
  • VMware Tools update required: You must upgrade the VMware Tools to the supported version.
  • Not supported: Workload does not support the OS or the OS version.
VMs with Critical Vulnerabilities The count of critical vulnerabilities across all VM workload assets. Click the asset type to go to the Vulnerabilities > Assets tab and view the filtered vulnerabilities data for that asset.