🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

VMware Carbon Black Cloud Endpoint Standard and Enterprise EDR Integration Guide

integrations endpoints vmware carbon black edr


The following applies to:

In order to integrate your VMware Carbon Black Cloud subscription you must configure a Secureworks user account in the Carbon Black domain. The details of this account are captured in the Integration page and allow for integration of Enterprise EDR events into Secureworks® Taegis™ XDR.

Regions

Taegis™ XDR’s EU1 Region can only accept data from Carbon Black’s EU regions.

To integrate Secureworks® Taegis™ XDR with VMware Carbon Black Cloud you need four pieces of information from the Carbon Black Enterprise EDR Dashboard:

  1. What Environment you should select,
  2. The Org Key for your VMware Carbon Black Cloud account,
  3. The API ID, and the
  4. API Secret Key, which you create in the Carbon Black Dashboard when creating the Secureworks user account.

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
VMware Carbon Black Cloud Endpoint™ Standard        
VMware Carbon Black Cloud Enterprise EDR          

The Environment

To figure out which environment to select when configuring Carbon Black Cloud:

  1. Log in to your Carbon Black Dashboard with a user which has the Super Admin role. Note the first part of the URL:

Carbon Black Dashboard URL

Carbon Black Cloud Dashboard URL

  1. Match that URL with the environments listed in the following table:
Carbon Black Dashboard URL Secureworks® Taegis™ XDR Environment for Carbon Black
https://defense-prod05.conferdeploy.net/ prod05
https://dashboard.confer.net/ prod01
https://defense.conferdeploy.net/ prod02

So, for example, if your URL starts with https://defense-prod05.conferdeploy.net/, then you should select prod05 as your environment.

The Org Key

To find the Org Key from your Carbon Black Dashboard:

  1. In the Carbon Black Dashboard, navigate to Settings→API Access and securely copy the ORG KEY from the API Keys tab.

Carbon Black API Keys

Carbon Black Settings→API Access

The API ID and API Secret Key

  1. Navigate to the Access Levels tab and select + Add Access Level button

Carbon Black Add Access Level

Carbon Black Add Access Level

  1. Configure the following settings:
  1. Select the Save button when complete.

Carbon Black Access Level Permissions

Carbon Black Access Level Permissions

  1. Navigate back to the API Keys tab and select the + Add API Key button

Carbon Black Add API Key

Carbon Black Add API Key

  1. Configure the following settings:
  1. Select the Save button when complete.

API Key Creation

API Key Creation

  1. From the same API Keys tab, view and record (securely) the API ID and API Secret Key using the dropdown menu on the right under Actions.

Note

Protect this information as you would a password.

API Credentials

API Credentials

  1. Now that you have recorded the API ID and API Secret Key, complete the integration in Secureworks® Taegis™ XDR by Adding a Carbon Black Cloud Collector.

Tip

A successful integration is indicated on the Secureworks® Taegis™ XDR → Manage → Integrations page with a green checkmark next to the Carbon Black entry.

 

On this page: