| Attribute | Value |
|---|---|
| Publisher | Microsoft |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com/ |
| Categories | domains |
| Version | 3.0.8 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-06-01 |
| Last Updated | 2026-04-17 |
| Solution Folder | VMware Carbon Black Cloud |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: 🟢 High (83%) |
The VMware Carbon Black Cloud solution for Microsoft Sentinel allows ingesting Carbon Black Audit, Notification and Event logs into Microsoft Sentinel.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 10 table(s):
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 3 |
| Analytic Rules | 2 |
| Workbooks | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Critical Threat Detected | Medium | LateralMovement | CarbonBlackNotifications_CL |
| Known Malware Detected | Medium | Execution | CarbonBlackEvents_CL |
| Name | Tables Used |
|---|---|
| VMwareCarbonBlack | CarbonBlackEvents_CL |
| Name | Description | Tables Used |
|---|---|---|
| Endpoint enrichment - Carbon Black | This playbook will collect device information from Carbon Black and post a report on the incident. | - |
| Endpoint take action from Teams - Carbon Black | This playbook sends an adaptive card to the SOC Teams channel, lets the analyst decide on action: Qu... | - |
| Isolate endpoint - Carbon Black | This playbook will quarantine the host in Carbon Black. | - |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.8 | 24-03-2026 | Deprecate to VMware Carbon Black Cloud (using Azure Function) |
| 3.0.7 | 24-03-2026 | Rename to VMware Carbon Black Cloud via AWS S3(via Codeless Connector Framework) |
| 3.0.6 | 28-01-2026 | Updated all VMware Carbon Black Cloud product page URLs to now point to the new Broadcom URL |
| 3.0.5 | 22-01-2025 | Removed Custom Entity mappings from Analytic rules |
| 3.0.4 | 19-11-2024 | Modified TransformKQL queries of CCP Data Connector |
| 3.0.3 | 28-10-2024 | Added Sample Queries to the CCP Data Connector template |
| 3.0.2 | 15-10-2024 | Added new CCP Data Connector to the Solution |
| 3.0.1 | 17-04-2024 | Added Azure Deploy button for government portal deployments in Data connectors |
| 3.0.0 | 19-02-2024 | Alerts API integration done in Carbon Black Function App |