CLOUD CONNECTOR

VMware Carbon Black Cloud Endpoint Standard

The VMware Carbon Black Cloud Endpoint Standard solution (formerly Carbon Black Defense) is an endpoint security and next-generation antivirus (NGAV) product that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity, so that attacks are stopped before they reach critical systems.

Securonix integrates with the VMware Carbon Black Endpoint Standard REST API, ingesting detected threat events such as malware, DDoS, code injections, ransomware, phishing, and data exfiltration and correlating them with events across the rest of the enterprise security infrastructure.

| Carbon Black Syslog Connector | Major Log/Event Types | Related Threats | Details |
| --- | --- | --- | --- |
| Network | Network events such as HTTP calls to unknown domains | DDoS, Network-based Attacks (NTA), Malware, Ransomware, Phishing | Network events such as HTTP calls to unknown domains |
| File Create | New file creation | Malware, Ransomware, DLP | New file creation |
| Registry Access | Registry modifications | Malware, Ransomware | Registry modifications |
| System API Call | System API calls, such as those made by svchost.exe | Account Compromise, Malware, Ransomware | System API calls, such as those made by svchost.exe |
| Process Creation | New running process creation | Malware, Ransomware, Phishing | New running process creation |
| Data Access | Access to system data or files | DLP, Malware, Ransomware | Access to system data or files |
| Code Injection | Code injections into legitimate running processes | Malware, Ransomware | Code injections into legitimate running processes |
| Audit Log Events | Audit log notifications such as: login attempts by users, updates to connectors, creation of connectors | Brute Force, Account Compromise, Malware, Ransomware, Phishing, DLP, DDoS/Network Threats, Unusual Account Behavior/Geolocation | Audit log notifications such as: login attempts by users, updates to connectors, creation of connectors |