This guide describes how to use Carbon Black EDR. It is written for both Carbon Black EDR and Carbon Black Hosted EDR administrators.

This is your guide to managing Carbon Black EDR and sensors and using Carbon Black EDR to monitor file activity and threats on your endpoints. The content includes Carbon Black EDR concepts, architecture, and terminology.

Intended Audience

This documentation is written for administrators, Security Operations Center (SOC), and Incident Response (IR) personnel. It is intended for people who set up and maintain security for endpoints and networks, and for users who assess potential vulnerabilities and detect advanced threats. Staff who manage Carbon Black EDR activities should be familiar with:

  • Linux, Microsoft Windows, and macOS operating systems
  • Web applications
  • Desktop infrastructure (especially in-house procedures for software roll-outs, patch management, and antivirus software maintenance)
  • Effects of unwanted software

Additional Documentation

  • Carbon Black EDR Release Notes – Provides information about new and modified features, issues resolved, general improvements in this release, and known issues and limitations. It also includes required or suggested preparatory steps before installing the Carbon Black EDR server.
  • Carbon Black EDR Server Operating Environment Requirements Guide – Describes performance and scalability considerations in deploying a Carbon Black EDR server.
  • Carbon Black EDR Sensor OERs – These five documents describe the operating environment requirements for Carbon Black EDR Windows, macOS, and Linux sensors.
  • Carbon Black EDR Sensor Installation Guide – Describes how to install, upgrade, uninstall, and troubleshoot Carbon Black EDR sensors.
  • Carbon Black EDR Server Configuration Guide – Describes the Carbon Black EDR server configuration file (cb.conf), including options, descriptions, and parameters.
  • Carbon Black EDR Server Cluster Management Guide – Describes how to install, manage, and back up and restore a Carbon Black EDR non-containerized server/cluster.
  • Carbon Black EDR Containerized Server Guide – Describes how to install, manage, and back up and restore a Carbon Black EDR containerized server/cluster.
  • Carbon Black EDR Unified View User Guide – Describes how to install and manage Carbon Black EDR Unified View.
  • Carbon Black EDR Integration Guide – Provides information for administrators who are responsible for integrating Carbon Black EDR with various tools and applications, such as Carbon Black App Control, EMET, VDI, SSO, and more.
  • Carbon Black EDR API – Documentation for the Carbon Black EDR REST API is located at https://developer.carbonblack.com/reference/enterprise-response . Documentation for the Python module for easy access to the REST API is hosted at https://cbapi.readthedocs.io .
  • Carbon Black EDR connectors – Documentation describing how to install, configure and maintain various connectors is located at https://developer.carbonblack.com/reference/enterprise-response/connectors/ . A connector enables communication between a third-party product and a Carbon Black EDR server.

Document History

For a list of changes made to this guide, see Document History.