VMware Carbon Black
Sumo Logic provides a complete security analytics solution by allowing you to correlate, validate and investigate VMware Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.
The Sumo Logic App for VMware Carbon Black provides visibility into key endpoint security data from VMware Carbon Black EDR and Endpoint Standard, with pre-configured dashboards for alerts, threat intelligence, feeds, sensors, users, hosts, processes, IOCs, devices, and network status.
- VMware Carbon Black Endpoint Detection and Response (EDR) is an incident response and threat hunting solution designed for security operations center (SOC) teams. EDR continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
- VMware Carbon Black Endpoint Standard is a next-generation antivirus (NGAV) solution available through MSSPs or directly as software as a service through VMware Carbon Black’s Predictive Security Cloud (PSC).
Log Types
Sumo Logic analyzes the following required VMware Carbon Black events for more efficient monitoring:
- VMware Carbon Black EDR Events
- VMware Carbon Black Endpoint Standard Events
Carbon Black forwards these events to Sumo Logic, as described in Collect Logs for Carbon Black. For more information, see the Endpoint Detection Response and Endpoint Standard documentation.