CBC: Does Carbon Black Detect and Report a CVE on the Vulnerabilities Page?
search cancel

CBC: Does Carbon Black Detect and Report a CVE on the Vulnerabilities Page?

book

Article ID: 285015

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Does the CBC Vulnerabilities page detect and report this specific CVE?

Environment

  • Carbon Black Cloud:  All products

Resolution

It depends.
  1. Search for the CVE on the Vulnerability page to determine if the vulnerable software, noted in the CVE, is present on the network.  (See Additional Notes below to understand what is normally included.)
  2. If the CVE search does not provide results, then the vulnerable software may not be present in the network or it may be uncommon third-party software that CBC does not track.
  • To validate, scan the network for the known affected software configuration using Live Query or a third-party tool.
  • If the vulnerable software noted in the CVE is found, then consider:
a.  Remediation by updating the software version if available.
b.  Build a custom watchlist from the Investigate page.
  • If the vulnerable software noted in the CVE is not found on the network, a watchlist could be created to report its presence in the future based on the environment's security posture.  This may require watchlist maintenance in the future.

 

Additional Information

  • The following CVEs are normally included in CBC:
    • Windows Operating Systems CVEs are normally included. 
    • Limited Linux and OSX Operating System coverage are included.
    • Major third-party CVEs are most likely included.  (i.e. Adobe Reader, etc)
  • Other third-party software may not be included.
    • Check nvd.nist.gov for the CVE.
    • Check the “Known Affected Software Configuration” section.   
  • Open a Support case if additional help is required.