Back to Blogs

Announcing the VMware Carbon Black Cloud Apps for ServiceNow

Posted on July 6, 2022


VMware Carbon Black’s latest integrations combine industry-leading endpoint telemetry and response actions with ServiceNow’s solutions for IT and Security teams to accelerate cross-functional workflows through automation.

IT and Security teams can now leverage Carbon Black Cloud telemetry and endpoint response actions from within their ServiceNow console and workflows, streamlining hand-offs between analysts and standardizing common workflows.

The apps are now available in the ServiceNow app store and provide joint customers with access to pre-built ticketing and incident response workflows powered by Carbon Black Cloud data and response actions.

Create Security Incidents from Alerts

Create Security Incidents from Alerts


VMware Carbon Black Cloud for IT Service Management (ITSM)

IT practitioners can now enrich investigations with security context from Carbon Black, including device content and endpoint alerts.

VMware Carbon Black Cloud for Security Operations (SecOps):

Security Operations teams can now automate the creation of ServiceNow Security Incident tickets from Carbon Black Cloud alerts and orchestrate response actions all from a single console.

These latest applications enable customers of ServiceNow and Carbon Black to get more value out of the existing products in their stack, while also accelerating the time it takes to detect and respond to threats.

Key Features:

  • Streamlined Data Ingestion: Ingest and manage Carbon Black Cloud alerts within the ServiceNow console via the Alerts API.
  • Context Enrichment: Enrich ServiceNow tickets with device context from Carbon Black.
  • Bi-directional sync: Dismiss or update alerts in ServiceNow and have those alert actions and notes appear in the Carbon Black Cloud console
  • Multitenancy: Configure ingestion and isolation of Alerts data from multiple Carbon Black Cloud organizations via ServiceNow domain separation
  • Built-in SOAR actions: Perform core response actions, including quarantine endpoint, ban hash, get processes and kill process, from within the ServiceNow console.

    Trigger SOAR Actions from Alerts

    Trigger SOAR Actions from Alerts


    Leveraging ServiceNow to help manage and track alert actions from Carbon Black Cloud helps teams stay organized and track the actions that were previously taken to dismiss an alert, enabling security teams to streamline new analyst onboarding and increase analysts’ confidence when taking action on an alert.

Resources

For more information, check out the resources below:

Have questions or feedback?