Announcing VMware Carbon Black Cloud App v2.0 for IBM QRadar

Posted on December 1, 2021


Carbon Black Cloud Integration with IBM QRadar

We are proud to announce the release of version 2.0 of the unified integration that connects the VMware Carbon Black Cloud platform with IBM QRadar. Through this application, customers can eliminate disparate log sources and outdated integrations in their QRadar SIEM and streamline their security operations and processes.

The release of this application eliminates the need for disparate modules to integrate your endpoint alerts, events and response actions into the QRadar console. Using this app, joint customers can integrate their endpoint protection platform functionality and data into QRadar with a single application.

Features:

  • Multiple data input options to tailor data ingest to your use cases and data budget
  • Built-in response actions to remediate endpoints directly from the QRadar console, or pivot to the Carbon Black Cloud console for further investigation
  • Custom configuration options enable security teams to reduce noisy, known-good alerts and events and focus on providing visibility into endpoint events that pose a true risk to your security posture

Benefits:

  • Operationalize your Carbon Black Cloud data with speed and confidence
  • Reduce pivoting between consoles by integrating endpoint context and response actions directly into the QRadar console
  • Make it easier to carry out investigations across both consoles with deep links to the Carbon Black Cloud Investigate page for additional context
  • Joint customers can get up and running efficiently with the QRadar Device Support Module (DSM), which provides Carbon Black Cloud data in a format that can be indexed by QRadar out-of-the-box. This enables customers to confidently operationalize their endpoint data in QRadar without having to manually map specific fields for their events, alerts and audit logs.
  • Supports the IBM QRadar Application Framework v2, resolving IBM’s end-of-life for Application Framework v1
  • Removes the dependency on legacy Carbon Black Cloud APIs, which are planned for end-of-life on January 31, 2022.
    This FAQ has more information about the upcoming shutdown of the v3 Alerts, Events and Process APIs.
