Posted on September 28, 2020
This integration connects Zscaler’s Internet Access (ZIA) Sandbox with Carbon Black Cloud Endpoint Standard or Enterprise EDR. Zscaler can scan all files before they reach the endpoint if they come through the network, but it cannot scan files that arrive by other methods or that arrived prior to sensor installation.
This connector scans for any Endpoint Standard events or Enterprise EDR processes. It pulls the processes and checks their unique hashes against a database of files that have been checked in the past. If a file is not known, the connector sends a request to Zscaler’s Sandbox to see whether it has any information on the file. If it does, or if the local database indicates the file is malicious, you can take one of the following actions:
Customers must have Carbon Black Cloud Endpoint Standard or Enterprise EDR, and must have the proper licensing from Zscaler with Sandbox enabled.
See the installation instructions on GitHub.
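
The lookup flow described above (deduplicate hashes, consult the local database, ask the sandbox only about unknown files), as an added example that is not the connector's own code. The table layout, the verdict strings and the `sandbox_lookup` callable are assumptions; the sandbox query is a local stand-in rather than Zscaler's API, and the events are constructed.

```python
import sqlite3

# Constructed sample events (device, process name, SHA-256); not real data.
H_A, H_B, H_C = "a" * 64, "b" * 64, "c" * 64
EVENTS = [
    ("host-1", "setup.exe", H_A),
    ("host-2", "setup.exe", H_A),  # same file seen on a second endpoint
    ("host-1", "notes.exe", H_B),
    ("host-3", "tool.exe", H_C),
]

def open_cache(path=":memory:"):
    """Local database of hashes that have already been checked (assumed schema)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS verdicts "
               "(sha256 TEXT PRIMARY KEY, verdict TEXT NOT NULL)")
    return db

def triage(db, events, sandbox_lookup):
    """Return (malicious sightings, number of sandbox requests made)."""
    by_hash = {}
    for device, name, sha in events:  # one lookup per unique hash
        by_hash.setdefault(sha.lower(), []).append((device, name))
    hits, requests = [], 0
    for sha, sightings in by_hash.items():
        row = db.execute("SELECT verdict FROM verdicts WHERE sha256 = ?",
                         (sha,)).fetchone()
        if row:
            verdict = row[0]  # already known locally, no network call
        else:
            requests += 1
            verdict = sandbox_lookup(sha)  # "malicious", "benign" or None
            if verdict is not None:  # cache only when the sandbox had an answer
                db.execute("INSERT INTO verdicts VALUES (?, ?)", (sha, verdict))
        if verdict == "malicious":
            hits.extend((device, name, sha) for device, name in sightings)
    db.commit()
    return hits, requests

def fake_sandbox(sha):
    """Stand-in for the sandbox query; it has no information on H_C."""
    return {H_A: "malicious", H_B: "benign"}.get(sha)

if __name__ == "__main__":
    cache = open_cache()
    print(triage(cache, EVENTS, fake_sandbox))  # first pass queries the sandbox
    print(triage(cache, EVENTS, fake_sandbox))  # second pass mostly hits the cache
```

Hashes the sandbox has no information on are deliberately not cached, so they are asked about again on the next pass.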