Built-in and Community Watchlists

Carbon Black EDR provides access to two sources of pre-configured watchlists, in addition to the watchlists you create.

The VMware Carbon Black User Exchange provides a forum for sharing watchlists.
The Watchlists page in the console includes a list of default watchlists, which include the following:
- Autoruns
- Filemods to Webroot
- Netconns to .cn or .ru
- Newly Executed Applications
- Newly Installed Applications
- Newly Loaded Modules
- Non-System Filemods to system
- USB drive usage
- Carbon Black Threat Reputation

In addition to the built-in Watchlists, in the top-right corner of the Watchlists page, you can click the Community Watchlists button to access Threat Research on the VMware Carbon Black User Exchange. Threat Research is a central portal where watchlist users can publish and discuss watchlists that might eventually be included as a feed.