• Last Updated
    Jan 22, 2025
  • Version
    1.1.0
  • Compatibility
    ThreatQ Versions >= 5.25.0
  • VMware Carbon Black EDR On Premise Action Bundle

    ThreatQuotient

    Overview

    The VMware Carbon Black EDR On Premise action bundle enriches indicators and assets in a data collection with information found in VMware Carbon Black EDR On Premise instances.

    VMware Carbon Black EDR records and stores endpoint activity data. Security analysts can use this data to find potential threats in real time.

    The integration provides the following actions:

    • VMware Carbon Black EDR On Premise - Process Enrichment - queries data regarding processes.
    • VMware Carbon Black EDR On Premise - Binary Enrichment - queries data regarding binaries.
    • VMware Carbon Black EDR On Premise - Alert Enrichment - queries data regarding alerts.
    • VMware Carbon Black EDR On Premise - Manage Banned Hashes - manages the ban status of hashes.
    • VMware Carbon Black EDR on Premise - Manage Approved IP Addresses - manages the IP addresses on the approved list.

    The integration is compatible with the following object types:

    • Assets
    • Indicators

    The integration returns the following enriched system objects:

    • Assets
    • Indicators

    Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.