VMware Carbon Black EDR (Carbon Black CB Response)
  • 3 Minutes To Read
  • Print
  • Share
  • Dark
    Light

VMware Carbon Black EDR (Carbon Black CB Response)

  • Print
  • Share
  • Dark
    Light

VMware Carbon Black EDR (formerly Carbon Black CB Response) is a threat hunting and incident response solution that delivers continuous visibility in offline, air-gapped, and disconnected environments using threat intel and customizable detections.

Parameters

  1. VMware Carbon Black EDR Domain (required) - hostname / IP of the VMware Carbon Black EDR admin local server or the cloud service.

  2. Username and Password (optional, default: empty) - The username and password for an account that has read access to the API.

    • If supplied, Axonius will use the specified user name and password credentials to fetch data from VMware Carbon Black EDR.
    • If no supplied, Axonius will use the specific API Key to fetch data from VMware Carbon Black EDR.
  3. API Token (optional, default: empty) - API Token to be authenticated against the VMware Carbon Black EDR API. For details, see the section below.

    • If supplied, Axonius will use the specific API Key to fetch data from VMware Carbon Black EDR.
    • If not supplied, Axonius will use the specified username and password credentials to fetch data from VMware Carbon Black EDR.
    NOTE

    It is recommended to create and to use an API token as the authentication method, as the user name and password credentials are not supported for all VMware Carbon Black EDR versions.

    You must specify an API Token or Username and Password, but not both. If all of those fields are populated, Axonius will try to authenticate with the supplied Username and Password.

  4. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in VMware Carbon Black EDR Domain. For more details, see SSL Trust & CA Settings.

    • If enabled, the SSL certificate offered by the value supplied in VMware Carbon Black EDR Domain will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in VMware Carbon Black EDR Domain will not be verified against the CA database inside of Axonius.
  5. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in VMware Carbon Black EDR Domain.

    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in VMware Carbon Black EDR Domain.
    • If not supplied, Axonius will connect directly to the value supplied in VMware Carbon Black EDR Domain.
  6. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Advanced Settings

  1. Fetch uninstalled devices (required, default: True) - Choose whether to fetch uninstalled devices.
    • If enabled, all connections for this adapter will fetch uninstalled devices.
    • If disabled, all connections for this adapter will not fetch uninstalled devices.

image.png

Note

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Creating an API Key

To create an API Key, do as follows:

  1. As an admin, connect to the VMware Carbon Black EDR admin panel.
    Click on the user management logo to open the user management tab. Then, click "Teams" and "Create Team":

image.png

  1. Type a name for the new team and drag the relevant group to "Viewer Access". Click "Save Changes":

image.png

  1. Go to "Users" and click "Add User". Fill in the details and assign the user to the team we just created. Optional: If you want to be able to isolate and un-isolate devices from the Axonius control panel, assign the new user to the "Administrators" group:

image.png

  1. Log out of the admin panel and login as the new user. Then, go to "My Profile". Click on API Token to see your API token

image.png

Was This Article Helpful?