
Carbon Black is an enterprise-level Endpoint Detection and Response (EDR) tool that provides real-time data analytics and visualization for big data. With Carbon Black, users are able to access the full data record of every endpoint, even if the device is offline. Attack chains can be easily followed with visualizations that show what happened at each step of the attack.
v6.1 [Dec 19, 2017]
The new tokenization and query capability being introduced in 6.1 attempts to solve these issues and many others by doing the following:
• Add extra characters to the list of characters that should always be converted to white space and therefore never be considered a part of a token.
• Provide special handling so that users can search for command-line switches that start with a / character, instead of blindly assuming / is a path separator and converting every occurrence to a space.
• Add file extensions as additional tokens, so that a bare file extension can be searched for in addition to entire command or file names.
• Add wildcard support for non-leading ? and * characters in queries, matching a single character and multiple characters within a token respectively.
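As an added example (not Carbon Black's own code; the separator set, lower-casing and the extension length limit are assumptions), here is a small Python tokenizer and matcher that follows the four rules above, so you can see which query terms would and would not hit a given command line:

```python
import re

# Characters always turned into whitespace before tokenizing. This set is an
# assumption modelled on the 6.1 description, not the product's actual list.
SEPARATORS = set(' \t\\"\'=,;()[]{}<>|&')

def _split_slashes(raw: str) -> list:
    """A lone leading '/' marks a switch ("/c") and is kept; any other '/'
    is treated as a path separator and splits the token."""
    if raw.startswith('/') and raw.count('/') == 1 and len(raw) > 1:
        return [raw]
    return [part for part in raw.split('/') if part]

def tokenize(cmdline: str) -> list:
    """Split a command line into lower-cased search tokens, emitting the
    file extension of any name like "cmd.exe" as an extra token ("exe")."""
    cleaned = ''.join(' ' if ch in SEPARATORS else ch for ch in cmdline)
    tokens = []
    for raw in cleaned.split():
        for tok in _split_slashes(raw):
            tok = tok.lower()
            tokens.append(tok)
            stem, dot, ext = tok.rpartition('.')
            if stem and dot and ext.isalnum() and len(ext) <= 5:
                tokens.append(ext)
    return tokens

def term_to_regex(term: str) -> re.Pattern:
    """Translate a query term into a regex: '?' is one character and '*' is
    any run of characters, but a leading wildcard is rejected."""
    if not term or term[0] in '*?':
        raise ValueError('leading wildcards are not supported')
    body = ''.join('.*' if c == '*' else '.' if c == '?' else re.escape(c)
                   for c in term)
    return re.compile(body, re.IGNORECASE)

def matches(term: str, tokens: list) -> bool:
    """True if any token matches the whole term."""
    rx = term_to_regex(term)
    return any(rx.fullmatch(tok) for tok in tokens)

# Constructed sample command lines (not real telemetry).
WIN_CMD = r'"C:\Windows\System32\cmd.exe" /c start /b notepad.exe C:\Users\alice\notes.txt'
NIX_CMD = '/usr/bin/tar -czf /tmp/backup.tgz /home/alice'

if __name__ == '__main__':
    toks = tokenize(WIN_CMD)
    print(toks)
    for term in ('/c', 'c', 'exe', 'note*.exe', 'cmd.e?e', 'power*.exe'):
        print(f'{term:>12}: {matches(term, toks)}')
```

Note that a bare `c` does not match the `/c` switch token, while `exe` matches through the extension token added for `cmd.exe` and `notepad.exe`.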