The Webroot Cloud Connector integration allows Blumira to collect logs from Webroot's advanced cloud-based antivirus and antimalware software solution.
Note: You must have Endpoint Protection for the Blumira Cloud Connector to work, but DNS Protection is optional. If the site has access to DNS Protection, Blumira will pull data from the site.
Before you begin
To configure Blumira’s Webroot Cloud Connector, you must gather the following information from Webroot:
- Client ID
- Client Secret
- Site Name
- Site Parent Keycode
- Administrator Username
- Administrator Password
Note: If you are setting up integrations for multiple sites, you can use the same Site Parent Keycode, Administrator Username and Password, Client ID, and Client Secret, but there will be a different value for the Site Name. Remember to grant viewer rights for your Admin account for each Site you’d like to configure for log forwarding from the Admins > Site Permissions UI in your Webroot Admin console.
To create a new API credential and gather the Client ID and Secret, do the following:
- Log in to Webroot.
- Click Settings.
- Click Unity API Access.
- Click Create New Client Credential, or click New if you have previously created a different client credential in Webroot.
- In the Create New Client Credential window, type a name and description, then click Next.
- Under “Do you plan to use the event notification API?”, select Yes.
- Under “How do you plan to use Unity API?”, select Integrate with SIEM provider.
- Under “Please provide the SIEM provider name”, type Blumira.
- Click Next.
- (Optional) Type comments for Webroot about the Unity API or leave the comment box blank.
- Click Save.
- Copy and save the Client ID and the Client Secret to use in later steps in the Blumira Cloud Connector.
To gather your site name(s), do the following:
If you have multiple sites in Webroot, complete these steps:
- In your Webroot Management Console, click Site List.
Under Sites, copy the name of the site for which you will set up the integration.
Note: If you have multiple sites that you want Blumira to protect, you must configure separate Cloud Connectors for each site.
If you have a single site, complete these steps:
- In your Webroot Management Console, navigate to Settings.
- In Site / Company Name, copy the site name.
To gather the Parent Keycode of your Webroot site, do the following:
- Navigate to Settings > Account Information.
- In Parent Keycode, copy the code to be used in later steps in the Blumira Cloud Connector.
To gather the Administrator Username and Password, do the following:
Determine if you will use credentials from an existing Webroot Super Admin or Limited Admin or if you want to create a new user profile for this integration.
Important: You cannot use a Site-Level Admin for this API connection.
- If creating a new user, complete the steps in Webroot’s Adding a new administrator to create a new user profile for the Blumira integration.
- Copy the email address of the administrator to use as the Username in the Blumira Cloud Connector.
- When creating a new password for the administrator, copy and save the password to use in the Blumira Cloud Connector.
Providing your Webroot credentials to Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
Endpoints included in the integration
The integration with Webroot delivers these endpoints:
Reference: Find additional details such as status codes and authentication information in Webroot's Unity API documentation.