Back to Blogs
VMware Carbon Black Cloud + NSX Remediation
VMware Carbon Black Cloud + NSX Remediation
Posted on March 9, 2022
Overview
The integration between Carbon Black Cloud Workload and NSX-T orchestrates network remediations using NSX-T Distributed Firewall (DFW) policies, and associated tags. After registering the Carbon Black Cloud Workload with the NSX Manager, you can use the newly created NSX policies to remediate VM workloads within the Carbon Black Cloud console, or remove already applied NSX policies tags from certain VM workloads.
Prerequisites
- The VM workload must be associated with a Carbon Black Cloud Workload appliance that is registered with NSX, and has an active NSX connectivity. For information on registering the appliance with NSX, see VMware Carbon Black Cloud Workload Guide.
- The VM workload must have a Carbon Black Cloud sensor installed with the following versions:
- For Windows - 3.6 or later.
- For Linux - 2.9 or later.
- The VM workload must be on an NSX N-VDS (opaque network) to have the Apply NSX Tag option available.
Supported NSX Tags
| Option | Description |
|---|---|
CB-NSX-Quarantine |
With this policy, the VM workload associated with the pre-registered tag is quarantined from the network. This is a read only policy for NSX administrators. The policy only allows the following network flows:
|
CB-NSX-Isolate |
With this policy the VM workload associated with the pre-registered tag is completely isolated from the network. This is a read only policy for NSX administrators. |
CB-NSX-Custom |
This policy is fully customizable. By applying this policy, the NSX administrator can enforce any rules on VM workloads. Thus, advanced users can create a custom security posture. |
For more information see the User guide or try it out with the API documentation.