Picus & VMware Carbon Black SB (2020).pdf

Solution brief detailing the integration of Picus detection analytics with Carbon Black EDR.

This page contains AI-generated content. Errors or omissions may be present. Use human-level critical thinking.
  • Q: What is the main goal of the Picus & Carbon Black integration?
    A: To help customers better utilize their EDR investments and validate endpoint detection capabilities.
  • Q: What is 'EDR'?
    A: Endpoint Detection and Response.
  • Q: How does Picus help EDR admins?
    A: By providing guidance on which existing rules/watchlists should be activated.
  • Q: What if a watchlist doesn't exist for a specific threat?
    A: Picus Labs provides custom watchlists developed by their security experts.
  • Q: How are the watchlists delivered?
    A: They are provided directly in the Picus UI.
  • Q: What is a 'Watchlist' in Carbon Black?
    A: A saved search or rule used to detect specific events or behaviors.
  • Q: Does Picus test its watchlists?
    A: Yes, Picus Labs applies rigorous testing to avoid false positives.
  • Q: What specific attack scenario is shown in the example?
    A: Network Share Connection Removal Attack.
  • Q: What technique is used in the example attack?
    A: JavaScript Execution via Rundll32.
  • Q: What MITRE ATT&CK tactic is 'Rundll32' associated with?
    A: Defense Evasion and Execution.
