VMware Carbon Black Cloud (Carbon Black CB Defense)
  • 2 Minutes To Read
  • Print
  • Share
  • Dark
    Light

VMware Carbon Black Cloud (Carbon Black CB Defense)

  • Print
  • Share
  • Dark
    Light

VMware Carbon Black Cloud (formerly Carbon Black CB Defense) is a cloud native platform delivering next-generation antivirus and endpoint detection and response. This adapter is also compatible with Carbon Black Cloud Enterprise EDR (formerly CB ThreatHunter) and Carbon Black Cloud Audit and Remediation (formerly CB LiveOps).

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. VMware Carbon Black Cloud Domain (required) - Use your VMware Carbon Black Cloud domain, in the following format:

    • To utilize the CB Defense REST API - appservices (v6): https://defense-<environment>.conferdeploy.net/
    • To utilize the CB Defense REST API - intergrationServices (v3): https://api-<environment>.conferdeploy.net/
  2. API ID and API Secret Key (required) - Use the API ID and the API Secret Key you have generated from the Connectors page of the VMware Carbon Black Cloud console.
    For details on generating the API token and the Connector ID, see the CB Defense API authentication reference.

  3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in VMware Carbon Black Cloud Domain. For more details, see SSL Trust & CA Settings.

    • If enabled, the SSL certificate offered by the value supplied in VMware Carbon Black Cloud Domain will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in VMware Carbon Black Cloud Domain will not be verified against the CA database inside of Axonius.
  4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in VMware Carbon Black Cloud Domain.

    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in VMware Carbon Black Cloud Domain.
    • If not supplied, Axonius will connect directly to the value supplied in VMware Carbon Black Cloud Domain.
  5. Organization Key (optional, default: empty) - Your organization key.

    • If supplied, Axonius will use CB Defense REST API v6 to fetch data from VMware Carbon Black Cloud adapter connection.
    • If not supplied, Axonius will use CB Defense REST API v3 to fetch data from VMware Carbon Black Cloud adapter connection.


      You can find your organization key in the VMware Carbon Black Cloud Console under Settings > API Keys.
  6. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Advanced Settings

  1. Fetch deregistred devices (required, default: True) - Choose whether to fetch deregistered devices.
    • If enabled, all connections for this adapter will fetch deregistered devices.
    • If disabled, all connections for this adapter will not fetch deregistered devices.

image.png

Note

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

APIs

Axonius uses the following CB Defense REST APIs:
1. CB Defense REST API - intergrationServices (v3), if you have not specified an organization key.
2. CB Defense REST API - appservices (v6), if you have specified an organization key.

It is recommended to use the CB Defense REST API - appservices (v6).

Was This Article Helpful?