VMworld and Code Connect Sessions
Posted on October 5, 2021
On October 5th - 6th 2021, VMware will host VMworld, including Code Connect.
Register here to join the sessions live, or view on demand after the event.
During this event there will be several sessions to help customers leverage the full power of the Carbon Black Cloud through open APIs and technical integrations. After the live portion of the event has passed, you can still register to access the sessions on-demand. The following session highlight interesting ways to use Carbon Black Cloud APIs, the Python SDK and integrations.
Operationalizing Carbon Black Cloud for the Modern SOC
In the VMworld 2021 session Operationalizing Carbon Black Cloud for the Modern SOC - 1148, Bruce Deakyne and Ryan Fortress provide an overview of key Security Orchestration, Automation, and Response (SOAR) workflows that can be implemented using the Carbon Black Cloud and open-source orchestration tools.
The demo leverages the Carbon Black Cloud Python SDK with a Jupyter Notebook to implement common Context, Remediation, and Orchestration SOAR actions. End-to-end security workflows, such as credential scraping and malware, tie these actions together.
- Operationalizing Carbon Black Cloud for the Modern SOC - 1148
- Carbon Black Cloud Python SDK
- Open Source Jupyter Notebook
Integrating IBM QRadar with Carbon Black Cloud
In the session Integrating IBM QRadar with Carbon Black Cloud - CODE2781 Milen Rangelov will demonstrate how to use QRadar to import Carbon Black Cloud data and view it alongside alerts from other system, triage the alerts and initiate actions in Carbon Black Cloud from QRadar. This presentation will go through the types of data that can be brought from Carbon Black Cloud to QRadar and the actions available.
Automating Ransomware Remediation
In the session Automating Ransomware Remediation with the VMware Carbon Black Cloud SDK - CODE2782 join Emanuela Mitreva and and Alex Van Brunt to see the Carbon Black Cloud Python SDK in action to automate and script default actions to collect the events associated with the alert and quarantine the device, then use Live Response to delete the known malware.