Carbon Black Cloud Zscaler Sandbox Connector


This is an integration between Zscaler’s ZIA Sandbox and VMware Carbon Black Cloud (CBC) Endpoint Standard and CBC Enterprise EDR. While Zscaler can scan all files before they reach the endpoint if they come through the network, what happens when a file comes in via another method, or prior to sensor installation?

V1.1 of this connector was released in Dec 2021. Deprecated API calls have been replaced with Platform APIs and will require users to change their configuration to use a Custom type API key with appropriate permissions.

The connector will scan for any CBC Enterprise Standard events or CBC Enterprise EDR processes. After pulling the processes it checks all of the unique hashes against a database of files that have been checked in the past. If the file is not known, a request to Zscaler’s ZIA Sandbox is made to see if they have any information on it. If they do, or if the file is known bad from the local database, action is taken.


Requirements

  • Endpoint Standard or Enterprise EDR

Installation

  • You can install the Zscaler Sandbox Connector using GitHub.

Give Feedback

New survey coming soon!


Last modified on December 7, 2021