Carbon Black Cloud
As of January 2020, we have renamed all Carbon Black products.
The Carbon Black Cloud is a cloud-native endpoint protection platform (EPP) that provides what you need to secure your endpoints using a single, lightweight agent and an easy-to-use console.
Platform APIs are available to all Carbon Black Cloud customers:
The Data Forwarder is a streaming integration mechanism which pushes data to external storage such as an AWS S3 Bucket for subsequent ingestion to a SIEM, security lake or other custom application.
The data available includes
- Alerts - updated in July 2023 to include Intrusion Detection System Alerts and Schema v2.0.0 with much richer metadata
- Endpoint Events
- Watchlist Hits
For all the detail:
Endpoint Standard — NGAV + EDR
Endpoint Standard combines the capabilities of next-generation antivirus (NGAV) + behavioral EDR to provide prevention and automated detection to defend against today’s advanced cyber attacks. Endpoint Standard is also available for Endpoint Advanced and Endpoint Enterprise customers.
Audit and Remediation
Audit and Remediation is a security operations solution that provides system audit and remote response capabilities for endpoints and workloads from a cloud-native endpoint protection platform (EPP). Audit and Remediation is also available for Endpoint Advanced and Endpoint Enterprise customers.
Enterprise Endpoint Detection and Response, or Enterprise EDR, is a cloud-based threat hunting and incident response (IR) solution that delivers continuous visibility for top security operations centers (SOC) and IR teams. Enterprise EDR is also available for Endpoint Enterprise customers.
Workload helps you reduce the attack surface and protect critical assets with advanced security purpose-built for workloads. Increase visibility across your environment and simplify operations for IT and security.
VMware Carbon Black Container is a comprehensive security solution for both on-premise and cloud-native workloads by offering visibility, hardening, vulnerability management, and runtime protection capabilities.
Carbon Black Cloud APIs are authenticated using API Keys.
Role Based Access Control (RBAC)
Carbon Black Cloud APIs support Role-Based Access Control. To learn about how to leverage RBAC using APIs, view our guide here.
Carbon Black Cloud services that enforce rate limits and the expected behavior when they are exceeded.
New survey coming soon!
Last modified on February 22, 2021