Skip to main content

VMware Carbon Black Cloud Endpoint Standard

vmware-carbon-black-cloud-endpoint-standard

Version: 2.1
Updated: Oct 05, 2023

VMware Carbon Black Cloud Endpoint Standard Integration allows security operators to collect information and take action on remote endpoints in real time.

Actions​

  • Ban Process Hash (Containment) - Ensure a malicious process cannot be executed again across your environment.
  • Get Enriched Events (Enrichment) - Get the enriched events associated with an Analytics alert, which includes critical alert triage information such as the process cmdline.
  • Get Policies (Enrichment) - List all the available Policies.
  • List Banned Hashes (Enrichment) - List all the available Banned Hashes.
  • Update Policy Definition (Containment) - Add a process path to the "allow" rules.

VMware Carbon Black Cloud Endpoint Standard configuration​

  1. Log in to the CBC Console.
  2. Navigate to the Settings menu, and then click on API Access.
    vmware-carbon-black-cloud-endpoint-standard
  3. From the API ACCESS page, click on Add API Key.
    vmware-carbon-black-cloud-endpoint-standard
  4. Populate the name, Access Level type, and click the Save button.
    vmware-carbon-black-cloud-endpoint-standard
  5. Copy the API Credentials (API ID and API Secret Key).
    vmware-carbon-black-cloud-endpoint-standard
  6. Also you will see the ORG KEY from API Access, you need to copy it.
    vmware-carbon-black-cloud-endpoint-standard

VMware Carbon Black Cloud Enterprise EDR in Automation Service and Cloud SOAR​

  1. Access integrations in the Automation Service or Cloud SOAR.
  2. After the list of the integrations appears, search/look for the VMware Carbon Black Cloud Enterprise EDR integration and click on it. The integration details will appear. Click on the "+" button to add a new Resource.
    vmware-carbon-black-cloud-endpoint-standard
  3. Populate all the required fields (*) and then click SAVE.
    • Label. The name of the resource.
    • API URL. URL to the API of the VMware Carbon Black Cloud Endpoint Standard instance https://defense.conferdeploy.net.
    • Organization Key. The Organization Key you copied earlier.
    • API ID. The API ID that you copied earlier.
    • API Secret Key. The API Secret Key that you copied earlier.
      vmware-carbon-black-cloud-endpoint-standard
  4. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
    vmware-carbon-black-cloud-endpoint-standard
  5. Click TEST SAVED SETTINGS.
    vmware-carbon-black-cloud-endpoint-standard
  6. You should receive a successful notification in the bottom right corner.
    vmware-carbon-black-cloud-endpoint-standard

External Libraries​

Change Log​

  • May 11, 2022 - Refactored all actions with CBC SDK
  • June 8, 2022 - Updated integration doc
  • October 5, 2023 (v2.1) - Updated the integration with Environmental Variables
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.