Integrating Carbon Black with SecurityCoach
In this article, you will learn how to integrate Carbon Black with SecurityCoach. Once the integration is complete, data provided by Carbon Black will be available for use under the SecurityCoach tab of your KMSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.
Click the links below to learn how to integrate Carbon Black with SecurityCoach.
Create a Custom Access Level
Before you can set up this integration in your KMSAT console, you will need to create a custom access level and an API key.
To create a custom access level, follow the steps below:
- Log in to your Carbon Black Cloud console and navigate to Settings > API Access > Access Levels.
- Click Add Access Level.
- In the Access Level section, enter a unique name and a description for the level.
Note: You will need a level with a unique name in order to create an API Key.
- Locate the API Service Category in the permissions table and select the following Access Level:
- For the category Alerts > General Information > org.alerts, select the READ check box.
- For the category Alerts > Notes > org.alerts.notes, select the READ check box.
After you've selected the correct permissions for your access level, you can create your API key by following the steps in the Create an API Key section below.
Create an API Key
After you’ve created your custom access level, you can create a Carbon Black API key. You will need this key when you set up the integration in your KMSAT console.
To create an API key, follow the steps below:
- Log in to your Carbon Black Cloud console and navigate to Settings > API Access > API Keys.
- Click Add API Key.
- In the Name field, enter a unique name for the API Key.
- From the Access Level Type drop-down menu, select Custom.
- From the Custom access level access drop-down menu, select the access level you created in the Create a Custom Access Level section above.
Note: Choose a name that clearly distinguishes the API key from your organization’s other API keys.
- Click Save. After you click Save, your API Key Credentials, including your API Key and API ID, will display.
- Copy and save the API Key and API ID somewhere that you can easily access. You will need these credentials to complete the integration setup in the Set Up the Integration in Your KMSAT Console section below.
Set Up the Integration in Your KMSAT Console
To register Carbon Black with SecurityCoach in your KMSAT console, follow the steps below:
- Log in to your KMSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate Carbon Black and click Configure.
- Enter the API ID and API Key that was created in the Create an API Key section above.
- Enter the API Domain, which is displayed in the URL of your Carbon Black Cloud console. For example, if your console URL is “https://dashboard.confer.net/”, your API domain would be “dashboard.confer.net”.
- Enter the Org Key, which is displayed in the API Access window of your Carbon Black Cloud console.
- Click Authorize.
Map Your Users
After you’ve finished integrating Carbon Black, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.
Once you’ve successfully authorized this integration, you can manage detection rules for Carbon Black on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.