Cb Defense Agreement

{
  "eventTime": 1517863503153,
  "policyAction": {
    "applicationName": "svchost.exe",
    "action": null,
    "reputation": "TRUSTED_WHITE_LIST",
    "sha256Hash": "1d35014d937e02e090a0cfc903e6e6e6b1b65c8326 94519f2b4dc4c74d3eb0fd"
  },
  "eventDescription": "[jason-splunk-test-action-deny] [Confer has blocked a threat to you.] [An executable file was RUN_BLOCK on a registered device for jgarman+po@carbonblack.com.] [Group: jan09-demo] [peripheral: WIN-IA9NQ1GN8OI] [SHA256: 1d35014d937e02ee090a0cfc903ee6e6b1b65c832694519f2b4dc4c74d3eb0fd]`n",
  "url": "defense-eap01.conferdeploy.net/investigate?s[searchWindow]=ALL&s[c QUERY_STRING_TYPE][0]=f05da555 60ab411e8834a939ef3e75232&s[c][DEVICE_ID][0]=5798",
  "deviceInfo": {
    "deviceName": "WIN-IA9NQ1GN8OI",
    "targetPriorityCode": 0,
    "internalIpAddress": "172.22.5.141",
    "deviceHostName": null,
    "groupName": "jan09-demo",
    "externalIpAddress": "70.106.217.80",
    "deviceType": "WINDOWS",
    "deviceId": 5798,
    "targetPriorityType": "LOW",
    "email": "jgarman+po@carbonblack.com",
    "deviceVersion": null
  },
  "ruleName": "jason-splunk-test-action-deny",
  "type": "POLICY_ACTION"
}

We can change the sensor policy by hostname using input type = hostname or hostnameexact and using the `deviceInfo.deviceName` field as the target. To use deviceId as the target, use `deviceInfo.deviceId` and inputtype – hostname.

In general, Splunk operators do not just use the data provided by the Cb Defense Add-on for Splunk, but must also configure the Adaptive Response action accordingly.

The application ships with a cbdefense search macro in default/macros.conf that defines Carbon Black Defense events. This macro is used to power most visualizations. To support all application cases, by default it is set to: index sourcetype (carbonblack:defense:json)

This agreement consists of this basic agreement, the conditions contained in the product supplement and the corresponding guidelines.
In the event of a conflict between the conditions set out in the basic agreement and the conditions set out in the addendum to the product, the conditions of this addendum control. This end-user agreement (the "agreement," also known as "EULA" elsewhere) is a legal agreement between the company that enters into this agreement and Carbon Black, Inc., a Delaware company ("Carbon Black").