
The integration of Carbon Black Endpoint Detection and Response capabilities to Asset Manager enables you to know whether hosts on your enterprise network are either unmanaged by Carbon Black or unknown to Asset Manager. The integration enables a "deep-link" context switch from Asset Manager to the Carbon Black UI, where the user can contain, isolate, and remediate "undefended" endpoints that are vulnerable to cyber attacks. The Carbon Black EDR solution continuously records, centralizes and retains activity from every endpoint to identify attacks and keep a history of an attacker's every action.

Asset Manager's index of all network devices ensures that Carbon Black is aware of all endpoints requiring deployment of the EDR software, so you can ensure 100% coverage to all hosts.

How Does It Work?

Lumeta Spectre highlights the differences and commonalities into views:

  • Spectre Only IPs: IP addresses Lumeta Spectre knows about, but are unmanaged by Carbon Black
  • Carbon Black Only IPs: IP addresses Carbon Black knows about, but are unknown to Lumeta (e.g., if Lumeta does not have access to a network or an off-network device, but Carbon Black is still aware of the client agent)
  • Carbon Black and Spectre Managed IPs: IP addresses both Lumeta and Carbon Black know about.

This information is available in Lumeta Spectre via the Endpoint Management Dashboard, as well as reports and maps, facilitating identification and remediation of vulnerable and compromised endpoints.

In reviewing the data on the Spectre dashboard, users can view Device Details. If the user selects Endpoint Context/Action, it will redirect to the Carbon Black UI where the user can take action to restart, remove, sync, or isolate an endpoint.
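
The three views described above amount to a set comparison between a network discovery inventory and the EDR sensor inventory. The following Python is an added example, not Lumeta or Carbon Black code: the function names `normalize` and `reconcile` are hypothetical, and the IP lists are constructed sample data from documentation address ranges.

```python
import ipaddress

# Constructed sample inventories (documentation ranges), not real exports.
DISCOVERED = ["192.0.2.10", "192.0.2.11 ", "192.0.2.12",
              "2001:db8::5", "192.0.2.10", "not-an-ip"]
EDR_SENSORS = ["192.0.2.10", "::ffff:192.0.2.12",
               "198.51.100.7", "2001:DB8::5"]

def normalize(raw_ips):
    """Parse IP strings; return (set of address objects, rejected strings)."""
    valid, rejected = set(), []
    for raw in raw_ips:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append(raw)  # keep bad rows visible instead of dropping them
            continue
        # An IPv4-mapped IPv6 address refers to the same host as its IPv4 form.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        valid.add(ip)
    return valid, rejected

def reconcile(discovered, edr_sensors):
    """Split two inventories into the three views and compute EDR coverage."""
    disc, bad_disc = normalize(discovered)
    edr, bad_edr = normalize(edr_sensors)

    def order(ip):
        # IPv4 and IPv6 objects cannot be compared directly, so sort on a tuple.
        return (ip.version, int(ip))

    views = {
        "discovery_only": sorted(disc - edr, key=order),  # seen on network, no sensor
        "edr_only": sorted(edr - disc, key=order),        # sensor reports, not discovered
        "both": sorted(disc & edr, key=order),            # known to both inventories
    }
    # Coverage: share of discovered hosts that also report an EDR sensor.
    coverage = len(views["both"]) / len(disc) if disc else 0.0
    return views, coverage, bad_disc + bad_edr

if __name__ == "__main__":
    views, coverage, rejected = reconcile(DISCOVERED, EDR_SENSORS)
    for name, ips in views.items():
        print(f"{name}: {[str(ip) for ip in ips]}")
    print(f"coverage: {coverage:.0%}  rejected rows: {rejected}")
```

Normalizing before comparing matters: without it, trailing whitespace, mixed-case IPv6 text, or an IPv4-mapped address would show a defended host as undefended.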

Configuring the Carbon Black Feed

Configure the Carbon Black feed as follows:

  1. On Asset Manager's main menu, browse to Settings > Integrations > Carbon Black
  2. Enable the threat feed by moving the Active slider to the right.
    The label changes from a red No to a green Yes.
  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on.
  4. Input your customer key.
  5. Input the IP address of your Carbon Black server.
  6. Click Submit.