Carbon Black CB Response
- 1 minute to read
Carbon Black CB Response includes scalable, real-time EDR with unfiltered visibility for security operations centers and incident response teams.
The Carbon Black CB Response Adapter connection requires the following parameters:
- Carbon Black CB Response Domain – URL / IP of the Carbon Black CB Response admin panel
- Username and Password - user credentials.
- API Token - To connect to Carbon Black CB Response, you will need to create an API Key in the admin panel
- HTTP Proxy (Optional) – Ability to configure a proxy specifically to the adapter instead of direct approaching to the domain
- Verify SSL – Whether or not verifying the SSL certificate of the server.
- Choose Insance - if you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes
Create an API Key
To create an API Key, do as follows:
- As an admin, connect to the Carbon Black CB Response admin panel.
Click on the user management logo to open the user management tab. Then, click "Teams" and "Create Team":
- Type a name for the new team and drag the relevant group to "Viewer Access". Click "Save Changes":
- Go to "Users" and click "Add User". Fill in the details and assign the user to the team we just created. Optional: If you want to be able to isolate and un-isolate devices from the Axonius control panel, assign the new user to the "Administrators" group:
- Log out of the admin panel and login as the new user. Then, go to "My Profile". Click on API Token to see your API token
Upload the downloaded JSON in the adapter configuration and the Carbon Black CB Response adapter is configured.