Configure Carbon Black
VMware Carbon Black combines next-gen antivirus with endpoint detection and response (EDR) to create a holistic endpoint protection solution against cyberattacks. This comprehensive technology is available to businesses through its VMware Carbon Black Cloud Endpoint Standard product. The platform allows businesses to manage any number of endpoints through a single interface and software agent, providing endpoint security at scale.
Prerequisites
- Carbon Black account login credentials.
- Carbon Black Cloud API access.
Generate Authentication Secret Keys
Create an Access Level
- Navigate to https://defense.conferdeploy.net/ and log in to the Carbon Black Cloud portal.
- In the left-hand panel, expand the Settings header, and then click API Access.
- Click the Access Levels tab.
- Click the Add Access Level button.
- Enter a unique Name and Description for this access level.
- Check the box in the Read column for the Alerts - General Information - org.alerts row.
- Click Save.
The access level is added to the list.
Generate an API Key
After creating the Access Level, while still on the API Access page:
- Click the API Keys tab.
- Click the Add API Key button.
- Enter a unique Name for the API key and, optionally, a Description.
- Open the Access Level type drop-list and select Custom.
- Open the Custom Access Level drop-list and select the access level created above.
- Click Save.
The API key is created and the API ID and API Secret Key appear.
Copy the API ID and API Secret Key values into a text document.
These values are not accessible once the window is closed. Be sure to copy them now for later use.
- Close the API Credentials pop-up.
On the API Access window, copy the Org Key into the same text document as the API ID and API Secret Key.
The combination of the API ID, API Secret Key, and Org Key is used to configure Axon to read Alert log data from the Carbon Black Cloud Console.
