This guide describes how to use VMware Carbon Black EDR. It is written for both Carbon Black EDR and VMware Carbon Black Hosted EDR administrators.
This is your guide to managing Carbon Black EDR and sensors and using Carbon Black EDR to monitor file activity and threats on your endpoints. The content includes Carbon Black EDR concepts, architecture, and terminology.
This documentation is written for administrators, Security Operations Center (SOC), and Incident Response (IR) personnel. It is intended for people who set up and maintain security for endpoints and networks, and for users who assess potential vulnerabilities and detect advanced threats. Staff who manage Carbon Black EDR activities should be familiar with:
- Linux, Microsoft Windows, and macOS operating systems
- Web applications
- Desktop infrastructure (especially in-house procedures for software roll-outs, patch management, and antivirus software maintenance)
- Effects of unwanted software
- VMware Carbon Black EDR Release Notes – Provides information about new and modified features, issues resolved, general improvements in this release, and known issues and limitations. It also includes required or suggested preparatory steps before installing the server.
- VMware Carbon Black EDR Server Operating Environment Requirements Guide – Describes performance and scalability considerations in deploying a Carbon Black EDR server.
- VMware Carbon Black EDR Sensor OERs – These five documents describe the operating environment requirements for Carbon Black EDR Windows, macOS, and Linux sensors.
- VMware Carbon Black EDR Sensor Installation Guide – Describes how to install, upgrade, uninstall, and troubleshoot Carbon Black EDR sensors.
- VMware Carbon Black EDR Server Configuration Guide – Describes the Carbon Black EDR server configuration file ( cb.conf ), including options, descriptions, and parameters.
- VMware Carbon Black EDR Server Cluster Management Guide – Describes how to install, manage, and backup/restore a Carbon Black EDR non-containerized server/cluster.
- VMware Carbon Black EDR Containerized Server Guide – Describes how to install, manage, and backup/restore a Carbon Black EDR containerized server/cluster.
- VMware Carbon Black EDR Unified View User Guide – Describes how to install and manage VMware Carbon Black EDR Unified View.
- VMware Carbon Black EDR Integration Guide – Provides information for administrators who are responsible for integrating Carbon Black EDR with various tools and applications, such as VMware Carbon Black App Control, EMET, VDI, SSO, and more.
- Carbon Black EDR API – Documentation for the Carbon Black EDR REST API is located at https://developer.carbonblack.com/reference/enterprise-response . Documentation for the Python module for easy access to the REST API is hosted at https://cbapi.readthedocs.io .
- Carbon Black EDR connectors – Documentation describing how to install, configure and maintain various connectors is located at https://developer.carbonblack.com/reference/enterprise-response/connectors/ . A connector enables communication between a third-party product and a Carbon Black EDR server.
For a list of changes made to this guide, see Document History.