Recent updates
-
Infiltrate
Updated onArticleSpearphishing is a common technique to infiltrate and gain initial access to an environment. Much of the data attackers use to make an email seem legitimate is available online – and even posted by companies themselves. Public information such as employees, current projects, organizational charts, and so forth can be used to make a message appear legitimate to even discerning employees.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 4: Spearphishing/Known Malware - Infiltrate
-
Carbon Black Cloud
Updated onArticleThe following section details the basics of accessing and using the Carbon Black Cloud. If you are familiar with the Carbon Black Cloud you may skip the informational section one. For a more in-depth walkthrough of the CBC please see the “Endpoint Standard Hands-On Lab” located here: https://labs.hol.vmware.com/HOL/catalogs/lab/10096
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 2: Walkthrough of the Carbon Black Cloud
-
Access the Carbon Black Malware Desktop
Updated onArticleTo login to the environment, perform the following steps.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 1: Accessing the Environment
-
File Integrity Control / Monitoring Overview
Updated onArticleThis activity will create custom rules specific to FIM/FIC. For more information on custom rules see earlier section (Custom Rules)
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - File Integrity Control / Monitoring
-
Rule Discovery Overview
Updated onArticleThis activity will cover a variety of rules and approval methods App Control offers. For more information on approvals see earlier section (App Control Rules and Approvals)
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - Rule Discovery
-
Enforcement Level Activity Overview
Updated onArticleThis activity will cover Enforcement Levels and how assigned level affects running unapproved applications. For background on Enforcement levels see earlier section (App Control Enforcement Levels)
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - Enforcement Level Activity
-
App Control Enforcement Levels Overview
Updated onArticleThis section provides optional background related to the VMware Carbon Black App Control solution. If you have experience or background knowledge on the App Control solution this section may be skipped.
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Enforcement Levels
-
App Control Rules and Approvals Overview
Updated onArticleThis section provides optional background related to the VMware Carbon Black App Control solution. If you have experience or background knowledge on the App Control solution this section may be skipped.
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Rules and Approvals
-
App Control Overview
Updated onArticleThis section provides optional background related to the VMware Carbon Black App Control solution. If you have experience or background knowledge on the App Control solution this section may be skipped.
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Background
-
Introduction and Accessing the TestDrive Experience
Updated onArticleWhat is App Control?
Carbon Black App Control combines application control, file integrity monitoring, full-featured device control, and memory/tamper protection into a single agent. App Control is used to lock down critical systems and servers, prevent unwanted changes, and ensure continuous compliance.App Control is a positive security solution allowing for a "default deny" approach to reduce the attack surface. App Control gives administrators the operational confidence to automatically approve legitimate change and eliminate the burden traditionally seen in allowlist management
Edited for Discovery (Pathfinder) TDX-2436-01-SEC Introduction