CBC: Does Carbon Black Alert on CVE Actions?
search cancel

CBC: Does Carbon Black Alert on CVE Actions?


Article ID: 287673


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


Does Carbon Black Alert on this Action found in this CVE?


  • Carbon Black Cloud:  All Products


  • No, the actions seen by the abuse of a CVE are normally within the normal operations of usage.  Creating a new specific rule for each CVE would not be maintainable.
Example:  If the CVE reports Firefox versions < 82.0.3 (CVE-2020-26950) are vulnerable.  Alerts should not occur for each use of Firefox.  Instead, the vulnerability requires a certain environmental configuration before or after Firefox start that should alert.
  • Potential next steps:
    • Check TAU for any reports regarding the CVE.  A report on a threat is provided on an as-needed basis based on multiple factors.
    • Understand the CVE.
    • Understand if/how the common software is used in the network.
    • Determine if a custom watchlist is warranted to monitor any misuse of the commonly used software.
    • Contact Support to express interest in a particular threat or possibly get more information.

Additional Information

  • Carbon Black reviews new or updated CVEs daily and adjusts the behavioral rules as needed to cover possible Tactics, Techniques and Procedures (TTPs).
  • Carbon Black has an extensive binary reputation database of malware which we keep up to date on literally a daily basis.