Announcing Differential Analysis for Carbon Black Cloud Audit and Remediation
Posted on July 18, 2022
Resources
Customers with Carbon Black Cloud Audit & Remediation can now perform differential analysis on scheduled queries using the Differential Queries API. This feature will allow users to answer the question, “What has changed since the last time this query ran?”
The Differential Analysis API enables users to only view changes to the results of scheduled queries between different sessions, saving time and manual effort by making it easier to track system changes over time. This release automates a formerly manual process so that analysts can spend less time identifying devices for remediation and more time remediating the devices that are out of compliance.
Carbon Black Cloud Audit & Remediation provides osquery functionality directly within the Carbon Black Cloud console, enabling users to ask questions and take action on their endpoints and workloads in real time. Audit & Remediation helps quickly answer questions about IT hygiene, compliance with internal and external guidelines, and respond directly with the ability to remotely update system configurations.
Differential Analysis can be used to monitor files, folders, and registry keys with a low probability for change to identify indicators of compromise, including:
- Persistence: Monitor for changes or modifications to the configuration of endpoints that could represent evidence of persistence, tampering, malicious intent, or a subversion of established security baselines.
- Security Posture Changes: Monitor security settings such as drive encryption, password standards, service stoppages, and RDP events.
- Browser Extension Modifications: Track new installations and changes to existing extensions in order to understand end-user usage and monitor for unexpected changes.
Value
- Automate tracking of system changes over time.
- Create baselines for devices and quickly respond if a system is misconfigured.
- Reduce the time it takes to discover and remediate systems that are not in compliance with internal and external guidelines.
Resources
- API Documentation
- Audit & Remediation Getting Started guide
- Best Practices : Carbon Black Cloud Audit and Remediation
- Community Announcement
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
- Report bugs and change requests to Carbon Black Support