Install the VMware Carbon Black App and view the Dashboards
This page provides instructions for installing the VMware Carbon Black App and has examples of each of the App dashboards. The VMware Carbon Black App dashboards are organized in the following categories, according to their function:
- VMware Carbon Black Endpoint Detection and Response (EDR) is an incident response and threat hunting solution that continuously records and stores unfiltered endpoint data, allowing security professionals to track potential threats in real-time.
- VMware Carbon Black Cloud Endpoint Standard is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution.
Install the App
This section demonstrates how to install the VMware Carbon Black EDR and Cloud Endpoint Standard App.
To install the app, do the following:
Dashboard filters
Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.
Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.
Carbon Black - EDR - Overview Dashboard
The Carbon Black - EDR - Overview dashboard provides a high-level view of the state of your network infrastructure and systems. The panels highlight detected threats, hosts, top feeds and IOCs, top processes, top watchlists, and alert trends.
Use this dashboard to:
- Monitor potential threats.
- Determine the top processes and threat indicators.
- Track alerts.
- Monitor hosts, users, watchlists and feeds.
Carbon Black - EDR - Alerts Dashboard
The Carbon Black - EDR - Alerts dashboard provides detailed information on the alerts in your environment, including alerts by mode, OS, report, and groups. The panels also show alert trends, recent alerts, and top users.
Use this dashboard to:
- Monitor alert activity and identify spikes.
- Monitor alerts triggered after a critical issue.
- Track users who trigger a high number of alerts.
Carbon Black - EDR - Feeds Dashboard
The Carbon Black - EDR - Feeds dashboard provides detailed information on total feeds, feed trends, top and recent feeds, feed comparisons, and processes related to feeds.
Use this dashboard to:
- Monitor feed activity and identify spikes.
- Correlate processes and feeds.
- Compare feeds over time.
Carbon Black - EDR - Indicators of Compromise Dashboard
The Carbon Black - EDR - Indicators of Compromise dashboard shows details on indicators of a compromised environment, as well as status for IOCs. The panels also provide an at-a-glance view of top malicious IPv4 addresses, top IOC DNSs, queries, and query-based feeds.
Use this dashboard to:
- Determine the locations of attacks.
- Track suspicious DNSs.
- Determine which queries receive the most hits.
Carbon Black - EDR - Network Dashboard
The Carbon Black - EDR - Network dashboard provides networking details for top protocols, local and remote ports, and unique IP addresses.
Use this dashboard to:
- Determine the geographic location of network connections.
- Monitor ports.
- Review a list of CB servers.
Carbon Black - EDR - Processes Dashboard
The Carbon Black - EDR - Processes dashboard provides details on the processes that generate events.
Use this dashboard to:
- Review processes used to modify registries and files.
- Monitor command line processes, and top paths for processes that generate alerts.
Carbon Black - EDR - Sensors Dashboard
The Carbon Black - EDR - Sensors dashboard provides details of the sensors in your environment, such as sensor activity, trends and activity over time, and operating system.
Use this dashboard to:
- Identify sensors that are not reporting over a specified time period.
- Monitor sensor activity and rate spikes.
Carbon Black - EDR - Threat Intelligence Dashboard
The Carbon Black - EDR - Threat Intelligence dashboard allows you to monitor threats on your network, categorized by feed, score, and severity. You can view recent threats, trends over time, and hosts affected by threats.
Use this dashboard to:
- Review threats over specified time periods.
- Filter threats by severity to focus on high priority threats.
- Identify hosts with the greatest number of threats.
Carbon Black - EDR - User and Host Alerts Dashboard
The Carbon Black - EDR - User and Host Alerts dashboard provides an at-a-glance view of user and host activity.
Use this dashboard to:
- Monitor alert trends.
- Identify users responsible for the most alerts.
- Monitor user activity.
- Review outbound and inbound alert activity.
Carbon Black - EDR - Watchlists Dashboard
The Carbon Black - EDR - Watchlists dashboard provides details on watchlists, including the number of watchlists, top watchlists, trends, and comparisons over time.
Use this dashboard to:
- Identify the watchlists with the most hits in each category.
- Monitor hits for individual watchlists and determine activity spikes.
Carbon Black - Endpoint Standard - Overview Dashboard
The Carbon Black - Endpoint Standard - Overview dashboard provides a high-level view of the state of your network security, showing the number of detected threats, alerts, indicators of compromise, devices, users, and groups. The panels also highlight alert trends, top users, indicators, devices, applications, and reasons.
Use this dashboard to:
- Quickly review your infrastructure security status.
- Understand what areas of the infrastructure are experiencing issues.
- Determine how the infrastructure is being utilized by taking a look at top users, applications and devices.
Carbon Black - Endpoint Standard - Indicators of Compromise Dashboard
The Carbon Black - Endpoint Standard - Indicators of Compromise dashboard provides an at-a-glance view of indicators of threats to a secure network by severity, application, and the number of unique instances. A breakdown of each known indicator is also shown.
Use this dashboard to:
- Review which indicators are affecting your system.
- Understand how severity and the applications relate to the indicators.
Carbon Black - Endpoint Standard - Threat Intelligence Dashboard
The Carbon Black - Endpoint Standard - Threat Intelligence dashboard provides details on the threats on your network, including the number of threats, their severity, and threat outliers. The panels also show details on the top devices affected by threats, recent threats, and a rating score of threats.
Use this dashboard to:
- Review the threats identified in your infrastructure.
- Investigate the threats by understanding the severity and scores of the threats.
Carbon Black - Endpoint Standard - Alerts Dashboard
The Carbon Black - Endpoint Standard - Alerts dashboard provides detailed information on security-related alerts in your environment, including the number of alerts, severity, and trends over time. The panels also show information on alert policies, device operating systems (OS), and most recent alerts.
Use this dashboard to:
- View an overall picture of all the alerts being generated.
- Understand the classification of alerts based on different criteria, such as Severity, Policy, and Score.
- Monitor spikes in alerts over time.
Carbon Black - Endpoint Standard - Device Dashboard
The Carbon Black - Endpoint Standard - Device dashboard provides a high-level view of the devices on your network, including the number of devices, geographic locations, and operating systems. The panels also show information on device groups, incidents, alert severity, and target priority.
Use this dashboard to:
- Monitor device classification by OS, Group, and Target Priority.
- Track the devices generating the highest number of incidents.
- Determine the most common location of the devices generating alerts to isolate threats.