2023 Recap - December Newsletter
Hope you’re ending 2023 on a high note
In this December Newsletter we’ve rounded up all the significant improvements Carbon Black has made throughout 2023.
Carbon Black is Back!
New Features in Carbon Black Cloud
- Alerts Enhancement
- Ability to use IP and host information to attribute network traffic from external systems to process, MITRE TIDs, sophisticated fingerprinting (JA3, Community ID), TLS and HTTP headers at the individual event level
- Intrusion Detection (IDS) and Network Traffic Analysis (NTA) telemetry and alerts
- XDR network telemetry baked into v1.1.0 Endpoint Event Forwarder
- Observations replaces Enriched Events
- New Policy Controls
- Asset Groups
- Sophisticated, dynamic grouping criteria
- Assets can be assigned to multiple groups
- Immediate integration with NGAV Policies, and further integrations across Carbon Black Cloud planned in 2024
- Note: manual migration is needed for existing Sensor Groups
- API Key Updates
- Use the Audit Log API with a Custom Type API Key
- Custom Type API keys can be restricted to authorized IP addresses
- Visibility of the Last API Key Session Refresh Time
- Container Security - new features and APIs for automation
- CIS Benchmark APIs
- Measure and report compliance of organizational workload assets against industry standard benchmarks
New and Updated Integrations for Carbon Black Cloud
- NEW! ServiceNow
- Apps for ServiceNow SecOps, ITSM and Vulnerability Response modules of ServiceNow
- UPDATED! Python SDK
- v1.5.0 with support for Alerts v7 API. Now command lines are included in the alert - no need for an enrichment call!
- UPDATED! Splunk App
- updates throughout the year.
- Next version in early 2024 to support Alert API v7 and Data Forwarder Schema v2.
- NEW! Splunk SOAR App
- UPDATED! IBM QRadar App
- REBUILT! Syslog Connector 2.0
- Built to use the Alerts v7 API, making all the metadata available in the syslog message
- Configure with a Custom Access Level type for Audit Logs
- Customizable templates to send the data you need
Making Integrations Easier
- NEW! Carbon Black Postman Workspace
- Don’t just get the documentation, get an interactive workspace
- IMPROVED! API and Use Case Guides
- Find task specific guides and an overview for SOAR actions
- IMPROVED! Python SDK Guides and examples
- More code snippets in the SDK documentation
- Dedicated guides for new and popular use cases
- Easy to run example scripts in GitHub
Deprecated APIs and Data Forwarder Schema
With all the new functionality, integrations need to be updated to take advantage of it.
The superseded APIs and Schema will be DEACTIVATED (turned off, not available) in the second half of 2024.
Find out how to migrate here.
- Find the latest server and sensor versions in the Carbon Black EDR Documentation
App Control Releases
- Find the latest server and sensor versions in the Carbon Black App Control Documentation
Coming Early in the New Year
- Carbon Black Cloud Python SDK 1.5.1 & 1.5.2
- Asset Groups
- Script Deobfuscation
- Alert Extensions
- Live Query Scroll for large result sets
- Updated Apps
- Using New Alerts Schema - API v7 and Forwarder v2
- Using Simplified API Key Configuration
- Carbon Black Cloud App for QRadar v2.3
- Carbon Black Cloud App for Splunk v2.0
- Carbon Black Cloud Apps for ServiceNow
- New Data Forwarder types and destinations
- Follow the Roadmap
- Find all the recent announcements here