Carbon Black Cloud: Does the CBC sensor capture events around user input credentials in any domain?
Article ID: 288974
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Can the CBC sensor capture events around when a user would input credentials into any domain, or phishing sites, etc.?
Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
- Mac OSX: All Supported Versions
- Linux: All Supported Versions
Resolution
Currently the CBC product does not log that level of detail. At best, you can see a browser making a network connection to a domain. However, the CBC sensor does not:
- Know whether or not the domain/site is a phishing site or legit
- Know if a userr submitted anything to the site
- Know if that submission contained credentials
- Know whether or not the domain/site is a phishing site or legit
- Know if a userr submitted anything to the site
- Know if that submission contained credentials
Feedback
Yes
No
Powered by
