CBC: Does Carbon Black Detect and Report a CVE on the Vulnerabilities Page?
book
Article ID: 285015
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Does the CBC Vulnerabilities page detect and report this specific CVE?
Environment
Carbon Black Cloud: All products
Resolution
It depends.
Search for the CVE on the Vulnerability page to determine if the vulnerable software, noted in the CVE, is present on the network. (See Additional Notes below to understand what is normally included.)
If the CVE search does not provide results, then the vulnerable software may not be present in the network or it may be uncommon third-party software that CBC does not track.
To validate, scan the network for the known affected software configuration using Live Query or a third-party tool.
If the vulnerable software noted in the CVE is found, then consider:
If the vulnerable software noted in the CVE is not found on the network, a watchlist could be created to report its presence in the future based on the environment's security posture. This may require watchlist maintenance in the future.
Additional Information
The following CVEs are normally included in CBC:
Windows Operating Systems CVEs are normally included.
Limited Linux and OSX Operating System coverage are included.
Major third-party CVEs are most likely included. (i.e. Adobe Reader, etc)
Other third-party software may not be included.
Check nvd.nist.gov for the CVE.
Check the “Known Affected Software Configuration” section.
Open a Support case if additional help is required.