You use the Carbon Black EDR navigation bar to access console pages. The following table describes the options that are available for users with full Administrator/Global Administrator privileges – other users will see options that are appropriate to their privilege level. The Teams option appears for cloud instances only.

| Link | Description |
| --- | --- |
| CB Logo | Opens the HUD page, which is a customizable page that provides a summary of alerts on hosts that report to your Carbon Black EDR server. See Head-Up Display Page. |
| Threat Intelligence | Provides intelligence feeds. You can set up watchlists, incremental synchronizations, and full synchronizations with these feeds. You can also access information about process and binary matches found by each feed. See Threat Intelligence Feeds. |
| Triage Alerts | Shows events that match queries that are defined by watchlists and indicators of compromise (IOCs) that are defined by feeds. The information provides criteria that are available to search for specific events. See Managing Alerts on the Triage Alerts Page. |
| Watchlists | Saved queries that are performed on process events and binary data stores. The queries contain lists you can use to track specific IOCs. See Watchlists. |
| Process Search | Provides an overview of the sensor process data collection that is received from currently installed sensors. See Process Search and Analysis. |
| Binary Search | Shows the metadata of binary files that have been executed. Binary file data is tracked at the moment of execution, and is identified by MD5 hash name. See Binary Search and Analysis. |
| Go Live | This icon appears if you have enabled Go Live in Username > Settings > Advanced Settings. It opens a command line page that provides direct access to sensors. You can directly access content on endpoints. See Responding to Endpoint Incidents. |
| Live Query | This icon appears if you have enabled Live Query in Username > Settings > Advanced Settings. It allows you to run direct SQL queries against targeted endpoints. See Live Query. |
| Investigations | A collection of tagged process events that are products of search results from searching your networks and endpoints for threats. See Investigations. |
| Sensors | Shows data for sensors and sensor groups. Sensor groups categorize sensors that share the same configuration. You can view, define and update sensors and sensor groups on this page. See Managing Sensors. |
| Yara Manager | VMware Carbon Black Yara Manager provides a web-based user interface that is integrated with the Carbon Black EDR server to configure, control, and assess the status of the Yara Connector. See Yara Manager. |
| Users | |
| Teams | Carbon Black Hosted EDR only. This link goes to the Team Management page for your instance. Administrators can configure users, view user activity, and create and manage teams of users. See Managing User Accounts (Carbon Black Hosted EDR). |
| Event Forwarder | Displays only if enabled. This link opens the Event Forwarder Settings page, which lets you configure the Event Forwarder from within the Carbon Black EDR console. See Event Forwarder. |
| Server Dashboard | Shows server statistics such as sensor statistics and server communication status. See Monitoring Sensor and Server Information. |
| Banned Hashes | Opens the Manage Banned Hashes page, which shows process hashes for which a ban has been created. Banned processes are blocked from running on hosts that are managed by a Carbon Black EDR sensor. See Responding to Endpoint Incidents. |