VMware Carbon Black Cloud Endpoint Standard
Version: 2.1
Updated: Oct 05, 2023
VMware Carbon Black Cloud Endpoint Standard Integration allows security operators to collect information and take action on remote endpoints in real time.
Actions
- Ban Process Hash (Containment) - Ensure a malicious process cannot be executed again across your environment.
- Get Enriched Events (Enrichment) - Get the enriched events associated with an Analytics alert, which includes critical alert triage information such as the process cmdline.
- Get Policies (Enrichment) - List all the available Policies.
- List Banned Hashes (Enrichment) - List all the available Banned Hashes.
- Update Policy Definition (Containment) - Add a process path to the "allow" rules.
VMware Carbon Black Cloud Endpoint Standard configuration
- Log in to the CBC Console.
- Navigate to the Settings menu, and then click on API Access.
- From the API ACCESS page, click on Add API Key.
- Populate the name, Access Level type, and click the Save button.
- Copy the API Credentials (API ID and API Secret Key).
- Also you will see the ORG KEY from API Access, you need to copy it.
VMware Carbon Black Cloud Enterprise EDR in Automation Service and Cloud SOAR
- Access integrations in the Automation Service or Cloud SOAR.
- After the list of the integrations appears, search/look for the VMware Carbon Black Cloud Enterprise EDR integration and click on it. The integration details will appear. Click on the "+" button to add a new Resource.
- Populate all the required fields (*) and then click SAVE.
- Label. The name of the resource.
- API URL. URL to the API of the VMware Carbon Black Cloud Endpoint Standard instance
https://defense.conferdeploy.net
. - Organization Key. The Organization Key you copied earlier.
- API ID. The API ID that you copied earlier.
- API Secret Key. The API Secret Key that you copied earlier.
- To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
- Click TEST SAVED SETTINGS.
- You should receive a successful notification in the bottom right corner.
External Libraries
Change Log
- May 11, 2022 - Refactored all actions with CBC SDK
- June 8, 2022 - Updated integration doc
- October 5, 2023 (v2.1) - Updated the integration with Environmental Variables