Announcing VMware Carbon Black Extended Detection and Response (XDR)

Posted on March 15, 2023

---

VMware Carbon Black Extended Detection and Response (XDR) greatly enhances lateral security by leveraging telemetry. Security teams can leverage VMware Carbon Black XDR to quickly identify threats across their environment and make better-informed decisions in applying prevention policies.

You can visualize and analyze relevant network data. For example:

• Signatures of network connections (JA3 and JA3S thumbprints)
• Network intrusion detection
• Security wrapper details (TLS data)
• Signer of certificate (encryption - TLS data)
• HTTP details

Requirements

• XDR is an add-on to Carbon Black Enterprise EDR
• Auth Events is included with Carbon Black Enterprise EDR
• Both require the Carbon Black Cloud Windows Sensor 3.9.1 MR1+

API Information

• Search fields for Observations, Auth Events and Processes
• Observations API
• Auth Events API
• Network Threat Metadata API

Resources

• VMware Security Blog
• Tech Zone - XDR Overview
• Tech Zone - Identity Intelligence - Auth Event Breakdown
• Carbon Black XDR User Guide
• Carbon Black Cloud Release Notes
• Observations on the Investigate Page

Have questions or feedback?

• Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
• Report bugs and change requests to Carbon Black Support
• Give us feedback