Carbon Black Protection

 

Use the JSA Carbon Black Protection Content Extension to closely monitor your Carbon Black Protection deployment.

JSA Carbon Black Protection Content Extensions

JSA Carbon Black Protection Content Extension V1.0.4

The owner for the Policy custom property was set to admin.

JSA Carbon Black Protection Content Extension V1.0.3

The following table shows the custom properties that were updated in JSA Carbon Black Protection Content Extension V1.0.3.

Table 1: Updated Custom Properties in JSA Carbon Black Protection Content Extension V1.0.3

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Policy | No | 1 | policy=([^\t]+)[\t]* |

JSA Carbon Black Protection Content Extension V1.0.2

The following table shows the custom properties that were updated in JSA Carbon Black Protection Content Extension V1.0.2.

Table 2: Updated Custom Properties in JSA Carbon Black Protection Content Extension V1.0.2

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Message | No | 1 | msg=([^\t]+)[\t]* |

JSA Carbon Black Protection Content Extension V1.0.1

The following table shows the custom properties in JSA Carbon Black Protection Content Extension V1.0.1.

Table 3: Custom Properties in JSA Carbon Black Protection Content Extension V1.0.1

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Ban Name | True | 1 | banName=([^\t]+)[\t]* |
| Destination host Name | True | 1 | dstHostName=([^\t]+)[\t]* |
| External ID | True | 1 | externalId=([^\t]+)[\t]* |
| File Hash | True | 1 | fileHash=([^\t]+)[\t]* |
| File ID | True | 1 | fileId=([^\t]+)[\t]* |
| File Path | False | 1 | filePath=([^\t]+)[\t]* |
| File Threat | True | 1 | fileThreat=([^\t]+)[\t]* |
| File Trust | True | 1 | fileTrust=([^\t]+)[\t]* |
| Filename | True | 1 | fileName=([^\t]+)[\t]* |
| Indicator Name | False | 1 | indicatorName=([^\t]+)[\t]* |
| Installer Filename | True | 1 | installerFileName=([^\t]+)[\t]* |
| Message | True | 1 | msg=([^\t]+)[\t]* |
| Policy | True | 1 | policy=([^\t]+)[\t]* |
| Process Key | True | 1 | processKey=([^\t]+)[\t]* |
| Process Threat | True | 1 | processThreat=([^\t]+)[\t]* |
| Process Trust | True | 1 | processTrust=([^\t]+)[\t]* |
| Received Time | True | 1 | receivedTime=([^\t]+)[\t]* |
| Root Hash | True | 1 | rootHash=([^\t]+)[\t]* |
| Rule Name | True | 1 | ruleName=([^\t]+)[\t]* |
| Source Host Name | True | 1 | srcHostName=([^\t]+)[\t]* |
| Source Process | True | 1 | srcProcess=([^\t]+)[\t]* |
| Unified Source | False | 1 | unifiedSource=([^\t]+)[\t]* |
| Updater Name | False | 1 | updaterName=([^\t]+)[\t]* |

JSA Carbon Black Protection Content Extension V1.0.0

The following table shows the custom properties in JSA Carbon Black Protection Content Extension V1.0.0.

Table 4: Custom Properties in JSA Carbon Black Protection Content Extension V1.0.0

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Ban Name | False | 1 | banName=([^\t]+)[\t]* |
| Destination host Name | True | 1 | dstHostName=([^\t]+)[\t]* |
| External ID | True | 1 | externalId=([^\t]+)[\t]* |
| File Hash | True | 1 | fileHash=([^\t]+)[\t]* |
| File ID | True | 1 | fileId=([^\t]+)[\t]* |
| File Path | True | 1 | filePath=([^\t]+)[\t]* |
| File Threat | False | 1 | fileThreat=([^\t]+)[\t]* |
| File Trust | False | 1 | fileTrust=([^\t]+)[\t]* |
| Filename | True | 1 | fileName=([^\t]+)[\t]* |
| Indicator Name | False | 1 | indicatorName=([^\t]+)[\t]* |
| Installer Filename | True | 1 | installerFileName=([^\t]+)[\t]* |
| Message | True | 1 | msg=([^\t]+)[\t]* |
| Policy | True | 1 | policy=([^\t]+)[\t]* |
| Process Key | False | 1 | processKey=([^\t]+)[\t]* |
| Process Threat | False | 1 | processThreat=([^\t]+)[\t]* |
| Process Trust | False | 1 | processTrust=([^\t]+)[\t]* |
| Received Time | True | 1 | receivedTime=([^\t]+)[\t]* |
| Root Hash | True | 1 | rootHash=([^\t]+)[\t]* |
| Rule Name | True | 1 | ruleName=([^\t]+)[\t]* |
| Source Host Name | True | 1 | srcHostName=([^\t]+)[\t]* |
| Source Process | True | 1 | srcProcess=([^\t]+)[\t]* |
| Unified Source | False | 1 | unifiedSource=([^\t]+)[\t]* |
| Updater Name | False | 1 | updaterName=([^\t]+)[\t]* |