VMware Carbon Black Protection Operation
Overview
The VMware Carbon Black Protection operation is used to apply policy rules to MD5, SHA-1 and SHA-256 hashes in CB Protection. The rules it can apply are ban, approve, or unapprove. When executed the operation sends the selected hash from ThreatQ to CB Protection and applies the rule a Threat Analyst has selected.
The operation provides the following actions:
-
Create Rule for Hash
The operation is compatible with the following indicator types:
-
MD5
-
SHA-1
-
SHA-256