Carbon Black CB Defense
  • 2 minutes to read
  • Print
  • Share
  • Dark
    Light

Carbon Black CB Defense

  • Print
  • Share
  • Dark
    Light

Carbon Black CB Defense includes antivirus and EDR in a cloud-delivered platform to stop malware, non-malware attacks, and ransomware.

NOTE
This adapter works with some of Carbon Black's other Predictive Security Cloud offerings, including ThreatHunter and LiveOps.
NOTE
Axonius uses the following CB Defense REST APIs:
1. CB Defense REST API - intergrationServices (v3), if you have not specified an organization key.
2. CB Defense REST API - appservices (v6), if you have specified an organization key.

It is recommended to use the CB Defense REST API - appservices (v6).

Adapter Parameters

  1. Carbon Black CB Defense Domain (required) - Use your Carbon Black CB Defense domain, in the following format:

    • To utilize the CB Defense REST API - appservices (v6): https://defense-.conferdeploy.net/
    • To utilize the CB Defense REST API - intergrationServices (v3): https://api-.conferdeploy.net/
  2. API Key and Connector ID (required) - Use the API token and the Connector ID you have generated from the Connectors page of the Carbon Black CB Defense console.
    For details on generating the API token and the Connector ID, see the CB Defense API authentication reference.

  3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the host supplied in Carbon Black CB Defense Domain. For more details, see SSL Trust & CA Settings.

    • If enabled, the SSL certificate offered by the host will be verified against the CA database inside of Axonius. If it fails validation, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the host will not be verified against the CA database inside of Axonius.
  4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to Carbon Black CB Defense Domain.

    • If supplied, Axonius will utilize the proxy when connecting to the host defined for this connection.
    • If not supplied, Axonius will connect directly to the host defined for this connection.
  5. Organization Key (optional, default: empty) - Your organization key.

    • If supplied, Axonius will use CB Defense REST API v6 to fetch data from Carbon Black CB Defense adapter connection.
    • If not supplied, Axonius will use CB Defense REST API v3 to fetch data from Carbon Black CB Defense adapter connection.

      You can find your organization key in the Carbon Black Cloud Console under Settings > API Keys.
  6. Choose Instance (required, default: 'Master') - The Axonius node to utilize when connecting to Carbon Black CB Defense Domain. For more details, see Connecting Additional Axonius Nodes.

image.png

Was this article helpful?