Carbon Black

Improve your Carbon Black Alert Validation & TI extraction with VMRay Analyzer

About Carbon Black Cloud

Cloud native endpoint, workload, and container protection platform (EDR) that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single, easy-to-use console. By analyzing more than 1 trillion security events per day, VMware Carbon Black Cloud proactively uncovers attackers’ behavior patterns and empowers defenders to detect and stop emerging attacks.


Integration Use Cases

VMWare Carbon Black Cloud can upload all new binaries it detects to the cloud storage so that nothing is missed during the investigation even if original malware or hacking tools were later deleted by intruders. All these new files may be automatically submitted to the cloud instance of the VMRay Analyzer for inspection

How VMRay Analyzer helps:

VMRay Analyzer performs analysis of the file and reports back to VMWare Carbon Black Cloud overall severity and IOCs. Full analysis report from VMRay Analyzer is also available from the VMWare Carbon Black Cloud console.

Technical details

Connector collects unique SHA256 hash values of processes and then downloads samples from CB Cloud to submit them into VMRay Analyzer. Depending on the connector settings , files with Suspicious, Malicious or both verdicts  can be submitted .  After the analysis is finished, connector retrieves IOC values and tags  from the VMRay Analyzer and creates Reports in the VMware Carbon Black Watchlist. If ban option is enabled, connector also bans executables on the VMware Carbon Black Cloud according to the selected verdicts. Full report is also accessible from the VMware Carbon Black Cloud console


  • Python 3.x with required packages below
    • requests==2.26.0
    • vmray_rest_api==5.1.1
    • carbon_black_cloud_sdk==1.3.3
  • VMware Carbon Black Cloud
  • VMRay Analyzer
  • Docker (Optional)

Watch the video

Download the connector Documentation


Autonomous Response to critical malware alerts

VMRay + Palo Alto Networks       JOINT WEBINAR