You use the Carbon Black EDR navigation bar to access console pages. The following table describes the options that are available to users with full Administrator/Global Administrator privileges; other users see the options that are appropriate to their privilege level. The Teams option appears for cloud instances only.

Link | Description |
---|---|
CB Logo | Opens the HUD page, which is a customizable page that provides a summary of alerts on hosts that report to your Carbon Black EDR server. See Head-Up Display Page. |
Threat Intelligence | Provides intelligence feeds. You can set up watchlists, incremental synchronizations, and full synchronizations with these feeds. You can also access information about process and binary matches found by each feed. See Threat Intelligence Feeds. |
Triage Alerts | Shows events that match queries that are defined by watchlists and indicators of compromise (IOCs) that are defined by feeds. The information provides criteria that are available to search for specific events. See Managing Alerts on the Triage Alerts Page. |
Watchlists | Saved queries that are performed on process events and binary data stores. The queries contain lists you can use to track specific IOCs. See Watchlists. |
Process Search | Provides an overview of the sensor process data collection that is received from currently installed sensors. See Process Search and Analysis. |
Binary Search | Shows the metadata of binary files that have been executed. Binary file data is tracked at the moment of execution, and is identified by MD5 hash name. See Binary Search and Analysis. |
Go Live | This icon appears if you have enabled Go Live in Username > Settings > Advanced Settings. It opens a command line page that provides direct access to sensors. You can directly access content on endpoints. See Responding to Endpoint Incidents. |
Live Query | This icon appears if you have enabled Live Query in Username > Settings > Advanced Settings. It allows you to run direct SQL queries against targeted endpoints. See Live Query. |
Investigations | A collection of tagged process events that are products of search results from searching your networks and endpoints for threats. See Investigations. |
Sensors | Shows data for sensors and sensor groups. Sensor groups categorize sensors that share the same configuration. You can view, define and update sensors and sensor groups on this page. See Managing Sensors. |
Yara Manager | VMware Carbon Black Yara Manager provides a web-based user interface that is integrated with the Carbon Black EDR server to configure, control, and assess the status of the Yara Connector. See Yara Manager. |
Users | |
Teams | Carbon Black Hosted EDR only. This link goes to the Team Management page for your instance. Administrators can configure users, view user activity, and create and manage teams of users. See Managing User Accounts (Carbon Black Hosted EDR). |
Event Forwarder | Displays only if enabled. This link opens the Event Forwarder Settings page, which lets you configure the Event Forwarder from within the Carbon Black EDR console. See Event Forwarder. |
Server Dashboard | Shows server statistics such as sensor statistics and server communication status. See Monitoring Sensor and Server Information. |
Banned Hashes | Opens the Manage Banned Hashes page, which shows process hashes for which a ban has been created. Banned processes are blocked from running on hosts that are managed by a Carbon Black EDR sensor. See Responding to Endpoint Incidents. |