Setting Up Integrations

Carbon Black Integration Guide for SecurityCoach

In this article, you will learn how to integrate Carbon Black with SecurityCoach. Once the integration is complete, data provided by Carbon Black will be available for use under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Create a Custom Access Level

Before you can set up this integration in your KSAT console, you will need to create a custom access level and an API key.To create a custom access level, follow the steps below:

  1. Log in to your Carbon Black Cloud console and navigate to Settings > API Access > Access Levels. CarbonBlack Settings
  2. Click Add Access Level.
  3. In the Access Level section, enter a unique name and a description for the level.
    Important:You will need a level with a unique name in order to create an API Key.
  4. Locate the API Service Category in the permissions table and select the following Access Level:
    • For the category Alerts > General Information > org.alerts, select the READ check box.
    • For the category Alerts > Notes > org.alerts.notes, select the READ check box. CarbonBlack Permissions

After you've selected the correct permissions for your access level, you can create your API key by following the steps in the Create an API Key section below.

Create an API Key

After you’ve created your custom access level, you can create a Carbon Black API key. You will need this key when you set up the integration in your KSAT console.

To create an API key, follow the steps below:

  1. Log in to your Carbon Black Cloud console and navigate to Settings > API Access > API Keys. CarbonBlack API Keys Tab
  2. Click Add API Key.
  3. In the Name field, enter a unique name for the API Key.
  4. From the Access Level Type drop-down menu, select Custom.
  5. From the Custom access level access drop-down menu, select the access level you created in the Create a Custom Access Level section above.
    Note:Choose a name that clearly distinguishes the API key from your organization’s other API keys.
    CarbonBlack Add API Key
  6. Click Save. After you click Save, your API Key Credentials, including your API Key and API ID, will display.
  7. Copy and save the API Key and API ID somewhere that you can easily access. You will need these credentials to complete the integration setup in the Set Up the Integration in Your KSAT Console section below.

Set Up the Integration in Your KSAT Console

To register Carbon Black with SecurityCoach in your KSAT console, follow the steps below:

  1. Log in to your KSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
  2. Locate Carbon Black and click Configure.
  3. Enter the API ID and API Key that was created in the Create an API Key section above. CarbonBlack Configuration
  4. Enter the API Domain, which is displayed in the URL of your Carbon Black Cloud console. For example, if your console URL is “https://dashboard.confer.net/”, your API domain would be “dashboard.confer.net”.
  5. Enter the Org Key, which is displayed in the API Access window of your Carbon Black Cloud console.
  6. Click Authorize. CarbonBlack Org Key

Map Your Users

After you’ve finished integrating Carbon Black, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.

Once you’ve successfully authorized this integration, you can manage detection rules for Carbon Black on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.

Can't find what you're looking for?

Contact Support