Blogs

Important Announcement - VMTN Communities Integration into Broadcom Ongoing

By Julia Klaus posted 2 days ago
3 people recommend this.
Transition Date: May 6, 2024 We’re excited to share that VMware Communities is embarking on a new journey as we transition to a new platform under Broadcom Communities. This transition marks a significant step forward for our community, offering numerous benefits and opportunities for growth, improvements, and enhancements aimed at providing our users with a more seamless and engaging community experience. What to Expect: Enhanced Communities Structure: While maintaining our VMware Community Environment, including discussion areas, product pages, document folders, and announcements, the community has been significantly enhanced. ...
0 comments

Important Announcement: Carbon Black Community Integration into Broadcom is Ongoing

By Julia Klaus posted 2 days ago
1 person recommends this.
How to Prepare for the Transition: Official Launching Date: May 6, 2024 We’re excited to share that the Carbon Black Community is migrating under Broadcom Communities. The transition is scheduled for May 6, 2024. Key Points: DNS Cutover on Legacy Community: Date and Time: On Sunday, May 5th, at 5:00 PM Pacific Time, DNS will be turned off on the legacy community. To ensure continuous customer support without interruption, the Carbon Black Community will be visible for customers on Broadcom Community on May 5th at 5:00 PM Pacific Time within the Symantec Division. ...
0 comments

Rally Newsletter - April 2024

By Michael Lentini posted 3 days ago
Be the first person to recommend this.
April 2024 Welcome to the Rally ® monthly newsletter. Product updates, announcements, and resources. 2024 Value Stream Management Summit Don't miss out on the 2024 Value Stream Management Summit, Making Waves! Join industry leaders from the London Stock Exchange , Cox Automotive, Southern Company , and more as they share how to focus on what matters most by harnessing the power of VSM. Join us live on April 24. Rally Office Hours - Moving to Zoom Beginning May 2, Rally Office Hours will be now hosted ...
0 comments

Rally Newsletter - March 2024

By Michael Lentini posted 3 days ago
Be the first person to recommend this.
March 2024 Welcome to the Rally ® monthly newsletter. Product updates, announcements, and resources. Rally Unites the Enterprise Rally unites the enterprise by improving visibility, creating alignment, and optimizing the efficiency of your organization. Learn how with Rally, you get out-of-the-box leadership reporting at all levels that automatically roll up data across hybrid methodologies and autonomous teams. See how Rally enables you to plan, prioritize, manage, and measure at every level of the organization to deliver maximum customer value. ...
0 comments

MCS Enables Zero-Touch Monitoring and Alarm Configuration with DX UIM

By Steven Guthrie posted 12 days ago
Be the first person to recommend this.
MCS streamlines management of monitoring configurations & alarm policies for 100s of target devices simultaneously through templates and profiles. It leverages DX UIM groups to apply zero-touch monitoring & creates intuitive dashboards to provide a perspective of deployment as per devices & groups. For information on MCS, read this blog & access the MCS Customer Adoption Guide. READ BLOG
0 comments

Carbon Black Cloud: ModularInputs Errors After Upgrading to Splunk App 2.0 or Higher

By CB_Support posted 12 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud: All Supported Versions Splunk App: 2.0.0 and 2.1.0 Symptoms After upgrading the CBC Splunk App it starts erroring Seeing "ERROR ModuleInputs" and "SyntaxError: invalid syntax" errors Cause Potential known issue in EA-24507 which is being worked on Resolution A fix is being worked on in the next version of the Splunk App Additional Notes To gather logs please follow the directions here Related Content Carbon Black Cloud: How to fetch logs for VMware Carbon Black Cloud App for Splunk #EnterpriseEDR #CarbonBlackCloud #EndpointStandard
0 comments

Carbon Black Cloud: Old False Positive Vulnerabilities Are Appearing

By CB_Support posted 12 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud: April 2024 Symptoms Starting 4/18/2024 vulnerabilities that have already been patched are showing in the console Cause Being tracked under EA-24571 since the move to using the CVSS score some old vulnerabilities are appearing again Resolution Engineering is looking into the issue If immediate dismissal for these vulnerabilities is needed please follow the steps here Related Content Re: TMP files getting left on Desktop with v3.0.1.1 sensors? VMware Carbon Black Cloud on VMware Cloud Services Platform Release Notes Dismiss a Vulnerability for Multiple Assets #ManagedDetection ...
0 comments

Carbon Black Cloud: Host-Based Firewall rules not applying because Windows network policy doesn't update when connecting to VPN

By CB_Support posted 13 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud Sensor: All Supported Versions Carbon Black Cloud Host-Based Firewall Windows OS: All Supported Verisons Global Protect VPN Symptoms When connecting to Global Connect VPN, the Windows OS firewall policy is not updating to show connected to the "DOMAIN" policy, and instead shows "PUBLIC" policy is still connected. Cause This is a known Windows OS issue and not related to the Carbon Black Cloud sensor. Resolution This behavior is documented by Microsoft: Firewall profile doesn't switch to Domain when you use a third-party VPN - Windows Client #CarbonBlackCloud #EndpointStandard
0 comments

EDR: How to Determine if a Binary has been Received by the Server and Scanned by Yara

By CB_Support posted 13 days ago
Be the first person to recommend this.
Environment EDR: 7.x and Higher Yara: 2.x Objective To determine whether a specific hash value has been uploaded to the EDR server and whether Yara has already scanned it. Resolution Querying PGSQL A record of all collected hashes is stored on the primary server pgsql db in the storefiles table. To see a specific record : On the primary server, run: # psql -d cb -p 5002 -c "select * from storefiles where md5hash='\x<hash>';" where <hash> is the lower-case value of the md5sum being queried. example: md5hash='\x22ea17f020dc46f8bb4270cb31358acc ';" The '\x' is generally required. Run: # psql -d cb -p 5002 ...
0 comments

App Control: How To Create a File Creation Control Rule

By CB_Support posted 13 days ago
Be the first person to recommend this.
Environment App Control Agent: All Supported Versions App Control Console: All Supported Versions Objective How to use Events in the Console to create a File Creation Control Rule. Resolution Step 1: Determine Matching Process and File Patterns: Log in to the Console and navigate to Reports > Events. Use the Filters or Saved Views to locate the matching Events, examples: Saved View: New Files (Unapproved) <and/or> Filters: File Path > begins with: <and/or> Filters: Type > is > Discovery Verify the Description of the Events: DiscoveredBy: [Kernel:Execute] or [IntegrityCheck] indicates ...
0 comments

Carbon Black Support Transition to Broadcom

By CB_Support posted 16 days ago
Be the first person to recommend this.
Environment Carbon Black Support: All Products Question How is Carbon Black Support transitioning to Broadcom? Answer The process of transitioning to Broadcom systems and the necessary migration of Carbon Black systems will begin at approximately 5:00 p.m. (PDT) on Tuesday, April 30, 2024, and conclude on Sunday, May 5, 2024, at approximately 7:30 p.m. (PDT). Between those two dates, if you need support, please continue submitting a support case through Carbon Black User eXchange (UeX). To ensure a smooth transition and shutdown process, beginning at approximately 5:00 p.m. PDT on Wednesday, April 30, 2024, customers will only be able to ...
0 comments

Endpoint Standard: How to Identify a Supported Device for Device Control (MacOS)

By CB_Support posted 17 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud Console: November '20 Release (0.60) and Higher Endpoint Standard MacOS Sensor: 3.5.3.82 and Higher MacOS: All Supported Versions Objective How to identify if a USB device is supported for device control for MacOS endpoints Resolution On MacOS, the RepCLI utility does not support the device all command, so unlike Windows, this is not an option for MacOS endpoints If the USB Mass Storage Device is reported in Carbon Black Cloud and is visible under the Inventory page, then it is supported for device control Additional Notes The Device Control supports only USB devices with the device type being ...
0 comments

Error: "Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints."

By CB_Support posted 17 days ago
Be the first person to recommend this.
Environment App Control Server: All Supported Versions Symptoms Error seen in the server reporter log : Failed to enable constraints. One or more rows contain values violating non-null, unique, or foreign-key constraints. Cause These errors are caused by some queries used for reporting purposes. This does not cause any issues with the server or its functionality. Resolution These messages can be ignored. An investigation is underway (EP-19070) to clean this up a future release. #AppControl
0 comments

Workload: How to migrate the Appliance to another vCenter

By CB_Support posted 17 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud Console: All Versions Workload vCenter: All Supported Versions Objective To migrate the Workload Appliance to another vCenter Resolution Delete the existing Workload Appliance following the steps here . Deploy the Workload Appliance on the new vCenter following the steps here . Additional Notes VMs from the original vCenter will remain in the Carbon Black Cloud console. Any VMs from the new vCenter will be ingested into Carbon Black Cloud and would then be able to be enabled. Related Content Delete Appliance from vCenter Server Step 1: Deploy and Configure Carbon Black Cloud ...
0 comments

EDR: Windows Sensor not Detecting Carets Used in the Command Line

By CB_Support posted 17 days ago
Be the first person to recommend this.
Environment EDR Windows Sensor: All Versions Symptoms Process search for the caret character in the command line does not return any results Cause Special Character such as the caret are removed from the command line by the operating system Resolution This is a result of the operating system and not an issue with the sensor Additional Notes Attackers may use the caret in the command line as an obfuscation technique The sensor will still capture the command line, but without the caret Related Content Commandline Obfusaction | Red Team Notes #EDR
0 comments

Announcing General Availability of the 8.7.22 Carbon Black App Control Linux Agent

By Larry Howarth posted 17 days ago
Be the first person to recommend this.
We are pleased to announce the release of the Carbon Black App Control 8.7.22 Linux agent. The Carbon Black App Control v8.7.22 Linux agent is a maintenance release limited to resolving 2 important issues. For more details, see the Resolved Issues section of the 8.7.22 Linux Agent Release Notes . To download the 8.7.22 Linux agent, please visit this link . Note you must be signed into the UEX for the download to initiate. #AppControl
0 comments

VxRail: VxRailログバンドル作成(VxRail 7.0/8.0以降)

By vvjapanescalati posted 18 days ago
Be the first person to recommend this.
この記事ではVxRailログバンドル(VxRail Support Bundle)の作成方法を紹介します。 なおこの記事は参考資料となりますので、公式手順については参考資料欄をご参照ください。 VxRailログバンドルとは、VxRailの管理コンポーネントであるVxRail Managerが保持している情報を一括して取得するログです。 主にVxRail Manager GUI上のエラー、VxRail Upgradeやノード/ディスク追加時のトラブルシューティングで利用されます ■GUIでの取得方法 ■CLIでの取得方法 ■GUIで取得できない場合の対処 ■ GUI での取得方法 GUIでの取得ができない場合は、 ■CLIでの取得方法 をご利用ください。 ●VxRail 7.0.XXX / 8.0.XXX 1.VxRail Managerのログ収集メニューの表示 vSphere Client にアクセスし、左ペインの[ VxRail クラスタ] > [構成]タブ > [VxRail ] > [ サポート ] 欄を選択 サポートの項目にある " トラブルシューティング " をクリックすることで、"ログ コレクション"が表示されます ※7.0. 480 未満の場合は、[ VxRail クラスタ] > [構成(設定)]タブ > [VxRail ] > [ トラブルシューティング] 欄に"ログ ...
0 comments

EDR: The Syncing Status Remains on the Console

By CB_Support posted 18 days ago
Be the first person to recommend this.
Environment EDR Server: 7.8.0 Linux Sensor: 7.1.2 Symptoms The 'Online Syncing' status does not clear after requesting a 'Sync' from Linux sensors in the EDR Console. Cause The 'Sync' request immediately is sent to the sensor and the sensor responds. However, one of the date fields in the response contains an incorrect value which never meets a condition to remove the 'Online Syncing' status. Resolution A temporary workaround to remove the Sync status is to restart the sensor. Run commands locally as root. systemctl stop cbdeamon ps -ef | grep cb (confirm cbdaemon is not running) systemctl start cbdeamon Or use Live Response to ...
0 comments

Carbon Black Cloud: cURL error 35 SEC_E_INVALID_TOKEN 0x80090308

By CB_Support posted 18 days ago
Be the first person to recommend this.
Environment Carbon Black Cloud Console: All supported versions Carbon Black Cloud Sensor: All supported versions Microsoft Windows: All supported versions Symptoms cURL is returning the following error: curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid Cause Not all the Digital Signature Algorithm (DSA) required to talk with to our backend are present. Resolution For TLS 1.3, we need at least one RSAE DSA: RSAE-PSS/SHA256 RSAE-PSS/SHA384 RSAE-PSS/SHA512 For TLS 1.2, we need at least one RSA or RSAE DSA: RSAE-PSS/SHA256 RSAE-PSS/SHA384 RSAE-PSS/SHA512 RSA/SHA256 RSA/SHA384 RSA/SHA1 RSA/SHA512 ...
0 comments

Extending Element OPTIONS - Not all Elements are alike

By Joseph Walther posted 18 days ago
2 people recommend this.
Introduction Not all mainframe programs are alike. Each programming language has a unique compiler for translating source code into executables. Additional program attributes require further processing variations. For example, a COBOL program might require a specific compiler, a Reentrant attribute, an MQ stub, Amode/Rmode values, or a hundred others. If an attribute is not processed properly, a program might not build at all, or if it might build, but not run properly. This document presents an approach that empowers Endevor Administrators to manage an unlimited number of program attributes in an adaptable and user-friendly way. The ...
0 comments