
Jan 22, 2025
1.1.0
ThreatQ Versions >= 5.25.0
VMware Carbon Black EDR On Premise Action Bundle
Overview
The VMware Carbon Black EDR On Premise action bundle enriches indicators and assets in a data collection with information found in VMware Carbon Black EDR On Premise instances.
VMware Carbon Black EDR is used to record and save endpoint activity data. Security analysts can use this data to find potential threats in real time.
The integration provides the following actions:
- VMware Carbon Black EDR On Premise - Process Enrichment - queries data regarding processes.
- VMware Carbon Black EDR On Premise - Binary Enrichment - queries data regarding binaries.
- VMware Carbon Black EDR On Premise - Alert Enrichment - queries data regarding alerts.
- VMware Carbon Black EDR On Premise - Manage Banned Hashes - manages the ban status of hashes.
- VMware Carbon Black EDR On Premise - Manage Approved IP Addresses - manages the IP addresses on the approved list.
The integration is compatible with the following object types:
- Assets
- Indicators
The integration returns the following enriched system objects:
- Assets
- Indicators
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.