Skip to main content

VMware Carbon Black Cloud Endpoint Standard

vmware-carbon-black-cloud-endpoint-standard

Version: 2.1
Updated: Oct 05, 2023

VMware Carbon Black Cloud Endpoint Standard Integration allows security operators to collect information and take action on remote endpoints in real time.

Actions

  • Ban Process Hash (Containment) - Ensure a malicious process cannot be executed again across your environment.
  • Get Enriched Events (Enrichment) - Get the enriched events associated with an Analytics alert, which includes critical alert triage information such as the process cmdline.
  • Get Policies (Enrichment) - List all the available Policies.
  • List Banned Hashes (Enrichment) - List all the available Banned Hashes.
  • Update Policy Definition (Containment) - Add a process path to the "allow" rules.

VMware Carbon Black Cloud Endpoint Standard configuration

  1. Log in to the CBC Console.
  2. Navigate to the Settings menu, and then click on API Access.
    vmware-carbon-black-cloud-endpoint-standard
  3. From the API ACCESS page, click on Add API Key.
    vmware-carbon-black-cloud-endpoint-standard
  4. Populate the name, Access Level type, and click the Save button.
    vmware-carbon-black-cloud-endpoint-standard
  5. Copy the API Credentials (API ID and API Secret Key).
    vmware-carbon-black-cloud-endpoint-standard
  6. Also you will see the ORG KEY from API Access, you need to copy it.
    vmware-carbon-black-cloud-endpoint-standard

VMware Carbon Black Cloud Enterprise EDR in Automation Service and Cloud SOAR

  1. For configuring VMware Carbon Black Cloud Enterprise EDR integration in the Sumo Logic Cloud SOAR, login into the application, expand the configuration menu in the top right corner by hovering over the gear icon, and click Automation.
    vmware-carbon-black-cloud-endpoint-standard
  2. In the Automation section, on the left menu, click Integrations.
    vmware-carbon-black-cloud-endpoint-standard
  3. After the list of the integrations appears, search/look for the VMware Carbon Black Cloud Enterprise EDR integration and click on it. The integration details will appear. Click on the "+" button to add a new Resource.
    vmware-carbon-black-cloud-endpoint-standard
  4. Populate all the required fields (*) and then click SAVE.
    • Label. The name of the resource.
    • API URL. URL to the API of the VMware Carbon Black Cloud Endpoint Standard instance https://defense.conferdeploy.net.
    • Organization Key. The Organization Key you copied earlier.
    • API ID. The API ID that you copied earlier.
    • API Secret Key. The API Secret Key that you copied earlier.
      vmware-carbon-black-cloud-endpoint-standard
  5. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
    vmware-carbon-black-cloud-endpoint-standard
  6. Click TEST SAVED SETTINGS.
    vmware-carbon-black-cloud-endpoint-standard
  7. You should receive a successful notification in the bottom right corner.
    vmware-carbon-black-cloud-endpoint-standard

External Libraries

Change Log

  • May 11, 2022 - Refactored all actions with CBC SDK
  • June 8, 2022 - Updated integration doc
  • October 5, 2023 (v2.1) - Updated the integration with Environmental Variables
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.