CB Defense: Is there a mechanism to detect and notify of a breach of logon controls?
Article ID: 287538
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Is there a built-in mechanism in CB Defense to alert on a potential or successful breach of logon controls?
Environment
CB Defense Web Console: All Versions
Resolution
Currently, there is no built-in feature to notify of a loss of logon controls.
Additional Information
There is an open feature request to have this idea added to the product here: https://community.carbonblack.com/t5/Idea-Central/CB-Defense-Audit-Log-Entries-for-failed-login-attempts/idi-p/71573#M7969
Alternatively, you can use our Audit Log API to retrieve this information: https://developer.carbonblack.com/reference/cb-defense/1/rest-api/#audit-log-events