Back to Blogs

Announcing the VMware Carbon Black Cloud Apps for ServiceNow

Posted on July 6, 2022

---

VMware Carbon Black’s latest integrations combine industry-leading endpoint telemetry and response actions with ServiceNow’s solutions for IT and Security teams to accelerate cross-functional workflows through automation.

IT and Security teams can now leverage Carbon Black Cloud telemetry and endpoint response actions from within their ServiceNow console and workflows, streamlining hand-offs between analysts and standardizing common workflows.

The apps are now available in the ServiceNow app store and provide joint customers with access to pre-built ticketing and incident response workflows powered by Carbon Black Cloud data and response actions.

VMware Carbon Black Cloud for IT Service Management (ITSM)

IT practitioners can now enrich investigations with security context from Carbon Black, including device content and endpoint alerts.

VMware Carbon Black Cloud for Security Operations (SecOps):

Security Operations teams can now automate the creation of ServiceNow Security Incident tickets from Carbon Black Cloud alerts and orchestrate response actions all from a single console.

These latest applications enable customers of ServiceNow and Carbon Black to get more value out of the existing products in their stack, while also accelerating the time it takes to detect and respond to threats.

Key Features:

• Streamlined Data Ingestion: Ingest and manage Carbon Black Cloud alerts within the ServiceNow console via the Alerts API.
• Context Enrichment: Enrich ServiceNow tickets with device context from Carbon Black.
• Bi-directional sync: Dismiss or update alerts in ServiceNow and have those alert actions and notes appear in the Carbon Black Cloud console
• Multitenancy: Configure ingestion and isolation of Alerts data from multiple Carbon Black Cloud organizations via ServiceNow domain separation
• Built-in SOAR actions: Perform core response actions, including quarantine endpoint, ban hash, get processes and kill process, from within the ServiceNow console.
  
  

  

  
  Leveraging ServiceNow to help manage and track alert actions from Carbon Black Cloud helps teams stay organized and track the actions that were previously taken to dismiss an alert, enabling security teams to streamline new analyst onboarding and increase analysts’ confidence when taking action on an alert.

Resources

For more information, check out the resources below:

• Installation, Configuration and User Guides - latest version
• ServiceNow App store
  • VMware Carbon Black Cloud for IT Service Management
  • VMware Carbon Black Cloud for Security Operations

Have questions or feedback?

• Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
• Report bugs and change requests to Carbon Black Support