VMware Carbon Black Cloud Enterprise EDR

Version: 2.1
Updated: Oct 05, 2023

VMware Carbon Black Cloud Enterprise EDR Integration Interact with watchlists, files, and processes using Carbon Black Threat Hunter.

Actions

Add IoC To Watchlist Report (Containment) - Add a suspicious file hash to the watchlist (and receive an alert if its ever seen again)
Disable Watchlist Alerts (Containment) - Turn off alerting for a noisy watchlist to reduce future alert fatigue
Download File (Enrichment) - Fetch a potentially malicious binary and send it to a sandbox for analysis
Get Binary Metadata (Enrichment) - Get more information about possible binary impersonation.
Get Watchlist Report Info (Enrichment) - Get details about the Watchlist
Ignore An IoC (Containment) - Ignore a false-positive IoC so that it does not introduce future noise
List Watchlists (Enrichment) - Get all available watchlists
Remove IoC From Watchlist Report (Containment) - Remove IoC From Watchlist

Access integrations in the Automation Service or Cloud SOAR.
After the list of the integrations appears, search/look for the VMware Carbon Black Cloud Enterprise EDR integration and click on it. The integration details will appear. Click on the "+" button to add a new Resource.
Populate all the required fields (*) and then click SAVE.
- Label. The name of the resource.
- API URL. URL to the API of the VMware Carbon Black Cloud Enterprise EDR instance https://defense.conferdeploy.net.
- Organization Key. The Organization Key you copied earlier.
- API ID. The API ID that you copied earlier.
- API Secret Key. The API Secret Key that you copied earlier.
To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
Click TEST SAVED SETTINGS.
You should receive a successful notification in the bottom right corner.