Sumo Logic

Install the Carbon Black Cloud App and View the Dashboards

This page provides instructions for installing the Carbon Black Cloud App, and has examples of each of the App dashboards.

Now that you have set up collection for Carbon Black Cloud, install the Sumo Logic App.

  1. From the App Catalog, search for and select the app.
     [Screenshot: Add Integration button]
  2. To install the app, click Add Integration.
  3. On the Select Data Source for your App page:
     1. Carbon Black Cloud Alert Data Source. Enter the Source Category you assigned to the S3 source that collects alert logs.
     2. Carbon Black Cloud Event Data Source. Enter the Source Category you assigned to the S3 source that collects event logs.
     3. Folder Name. This field displays the name of the folder where the app will be installed. If desired, you can change the name of the folder. You can also browse to and select a parent folder where the app folder will be created.
     4. Click Next to install the app in the selected location.
     [Screenshot: Select Data Source for your App page]

Once the app is installed, it will appear in the folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Note that each panel fills only with data that matches the panel's time-range query and that was received after the panel was created, so results won't be available immediately; after some time you'll see full graphs and maps.

Dashboards

Carbon Black Cloud - Overview

The Carbon Black Cloud - Overview dashboard provides a high-level view of the state of your network infrastructure and systems. The panels highlight detected threats, hosts, top feeds and IOCs, top processes, top watchlists, and alert trends.

Use this dashboard to:

  • Monitor potential threats.
  • Determine the top processes and threat indicators.
  • Track alerts.
  • Monitor hosts, users, watchlists and feeds.

[Screenshot: Carbon Black Cloud - Overview dashboard]

Carbon Black Cloud - Endpoint Standard - Overview

The Carbon Black Cloud - Endpoint Standard - Overview dashboard gives a quick overview of the Alerts, devices and TTPs.

Use this dashboard to:

  • See a count of items of interest (Devices, Alerts, TTPs, etc.)
  • Get an overview of top users, processes, and devices

[Screenshot: Carbon Black Cloud - Endpoint Standard - Overview dashboard]

Carbon Black Cloud - Endpoint Standard - Alert Summary

The Carbon Black Cloud - Endpoint Standard - Alert Summary dashboard gives you a summary of alerts in table format, and provides enriched data by correlating alerts with event metadata.

[Screenshot: Carbon Black Cloud - Endpoint Standard - Alert Summary dashboard]

Carbon Black Cloud - Endpoint Standard - Alerts

The Carbon Black Cloud - Endpoint Standard - Alerts dashboard provides insight into the Alert trends over time.

Use this dashboard to:

  • See Alert trends over time by severity and category
  • See the top alerted processes
  • See Alerts by OS

[Screenshot: Carbon Black Cloud - Endpoint Standard - Alerts dashboard]

Carbon Black Cloud - Endpoint Standard - Device

The Carbon Black Cloud - Endpoint Standard - Device dashboard gives an overview of the top alerting devices with breakdowns by OS and process.

Use this dashboard to:

  • See top devices by Alerts
  • See Alerts by device over time
  • See a breakdown of devices by OS and Process counts

[Screenshot: Carbon Black Cloud - Endpoint Standard - Device dashboard]

Carbon Black Cloud - Endpoint Standard - TTPs

The Carbon Black Cloud - Endpoint Standard - TTPs dashboard provides a high-level overview of the TTPs with breakdowns by TTP, Severity, Device, Process, and Threat Actors.

Use this dashboard to:

  • See which TTPs are the most prevalent
  • Identify any spikes in malicious activity
  • Help tune new policies and reduce false positives

[Screenshot: Carbon Black Cloud - Endpoint Standard - TTPs dashboard]

Carbon Black Cloud - Enterprise EDR - Overview

The Carbon Black Cloud - Enterprise EDR - Overview dashboard gives a quick overview of the Alerts, devices and IOCs.

Use this dashboard to:

  • See a count of items of interest (Devices, Alerts, IOCs, etc.)
  • Get an overview of top users, processes, and devices

[Screenshot: Carbon Black Cloud - Enterprise EDR - Overview dashboard]

Carbon Black Cloud - Enterprise EDR - Alert Summary

The Carbon Black Cloud - Enterprise EDR - Alert Summary dashboard provides detailed information on the alerts in your environment, including alerts by mode, OS, report, and groups. The panels also show alert trends, recent alerts, and top users.

Use this dashboard to:

  • Monitor alert activity and identify spikes.
  • Monitor alerts triggered after a critical issue.
  • Track users who trigger a high number of alerts.

[Screenshot: Carbon Black Cloud - Enterprise EDR - Alert Summary dashboard]

Carbon Black Cloud - Enterprise EDR - Alerts

The Carbon Black Cloud - Enterprise EDR - Alerts dashboard provides insight into the Alert trends over time.

Use this dashboard to:

  • See Alert trends over time by severity and category
  • See the top alerted processes
  • See Alerts by OS

[Screenshot: Carbon Black Cloud - Enterprise EDR - Alerts dashboard]

Carbon Black Cloud - Enterprise EDR - Device

The Carbon Black Cloud - Enterprise EDR - Device dashboard gives an overview of the top alerting devices with breakdowns by OS and process.

Use this dashboard to:

  • See top devices by Alerts
  • See Alerts by device over time
  • See a breakdown of devices by OS and Process counts

[Screenshot: Carbon Black Cloud - Enterprise EDR - Device dashboard]

Carbon Black Cloud - Enterprise EDR - IOCs

The Carbon Black Cloud - Enterprise EDR - IOCs dashboard provides a high-level overview of the IOCs with breakdowns by IOC, Severity, Device, Process, and Threat Actors.

Use this dashboard to:

  • See which indicators are the most prevalent
  • Identify any spikes in malicious activity
  • Help tune new policies and reduce false positives

[Screenshot: Carbon Black Cloud - Enterprise EDR - IOCs dashboard]