Posted on January 11, 2023
The latest policy release has added an important functional component to the Carbon Black Cloud. Core Prevention simplifies policy management and provides increased control over your Endpoints and Workloads.
For the API documentation, see the Core Prevention section of the Policy API.
Since late 2020, the Carbon Black Threat Analysis Unit (TAU) has been crafting and publishing high-fidelity prevention rules to 3.6+ Windows sensors. These rules protect customers from a variety of different types of late-breaking, high-impact attacks without the need for customers to change policy configurations.
Despite the high-fidelity and low false positive rate of these preventions, we recognize that customers sometimes have business-critical assets that perform certain behaviors and trigger false positives. In this release, we are providing customers with new configuration options to set TAU-published prevention categories to Alert Only if necessary within their policies.
For more information on the categories shown here, please visit the Core Prevention User Guide.
If you receive an alert generated by a Core Prevention rule, the Core Prevention category that caused it is shown directly on the Alert.
Rule Configs: A Rule Config is a type of setting within the policy page that allows users to make adjustments to Carbon Black-defined rulesets. Modifications can include toggling between Alert Only and Block and Alert on a per-operating-system basis when the configuration applies to multiple operating systems.
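The audit and adjustment a policy administrator would script around these rule configs, as an added example that is not Carbon Black's own code or SDK. It assumes a rule-config JSON shape (a list of entries with `id`, `name` and a `parameters` object holding per-OS keys such as `WindowsAssignmentMode`) and the mode strings `BLOCK` (Block and Alert) and `REPORT` (Alert Only); confirm those names against the Core Prevention section of the Policy API before using them. The sample data is constructed for illustration.

```python
from copy import deepcopy

# Assumed API values for the two console choices (assumption: verify in the
# Policy API docs): "Block and Alert" -> BLOCK, "Alert Only" -> REPORT.
BLOCK = "BLOCK"
REPORT = "REPORT"
VALID_MODES = {BLOCK, REPORT}

# Constructed sample: a plausible body for one policy's Core Prevention rule
# configs.  Ids and category names are made up for this example.
SAMPLE_RULE_CONFIGS = [
    {"id": "rc-0001", "name": "Advanced Scripting Prevention",
     "parameters": {"WindowsAssignmentMode": BLOCK}},
    {"id": "rc-0002", "name": "Credential Theft",
     "parameters": {"WindowsAssignmentMode": REPORT}},
    {"id": "rc-0003", "name": "Privilege Escalation",
     "parameters": {"WindowsAssignmentMode": BLOCK}},
]


def _mode_params(rule_config):
    """Yield (parameter_name, value) for every per-OS assignment-mode parameter."""
    for key, value in rule_config.get("parameters", {}).items():
        if key.endswith("AssignmentMode"):
            yield key, value


def find_alert_only(rule_configs):
    """Return the names of categories set to Alert Only (REPORT) on any OS.

    This is the periodic drift check: every name returned is a TAU prevention
    that will alert but no longer block on this policy.
    """
    return sorted(
        rc["name"] for rc in rule_configs
        if any(value == REPORT for _, value in _mode_params(rc))
    )


def build_update_payload(rule_configs, category_names, mode):
    """Build the minimal list of {id, parameters} entries that put the named
    categories into `mode`, leaving every other category untouched.

    Raises KeyError for a category name not in `rule_configs` and ValueError
    for an unknown mode, so a typo never silently becomes a no-op.
    """
    if mode not in VALID_MODES:
        raise ValueError(f"unknown assignment mode {mode!r}")
    by_name = {rc["name"]: rc for rc in rule_configs}
    missing = [name for name in category_names if name not in by_name]
    if missing:
        raise KeyError(f"unknown Core Prevention categories: {missing}")

    payload = []
    for name in category_names:
        rc = by_name[name]
        params = deepcopy(rc.get("parameters", {}))
        changed = False
        for key, value in _mode_params(rc):
            if value != mode:
                params[key] = mode
                changed = True
        if changed:  # only send entries that actually change something
            payload.append({"id": rc["id"], "parameters": params})
    return payload


def apply_payload(rule_configs, payload):
    """Return a copy of `rule_configs` with `payload` applied, simulating the
    state the service would hold after a successful update so it can be re-audited."""
    updates = {entry["id"]: entry["parameters"] for entry in payload}
    result = deepcopy(rule_configs)
    for rc in result:
        if rc["id"] in updates:
            rc["parameters"].update(updates[rc["id"]])
    return result


if __name__ == "__main__":
    print("Alert Only before:", find_alert_only(SAMPLE_RULE_CONFIGS))
    body = build_update_payload(SAMPLE_RULE_CONFIGS, ["Credential Theft"], BLOCK)
    print("update body:", body)
    after = apply_payload(SAMPLE_RULE_CONFIGS, body)
    print("Alert Only after:", find_alert_only(after))
```

Running `find_alert_only` against every policy in the org gives a short list of exceptions to review, and `build_update_payload` produces only the entries that differ from the requested mode, so the update you send is as small as the change you meant to make.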