Overview
Blumira’s modern SIEM platform integrates with VMware Carbon Black Cloud Endpoint Standard (formerly Carbon Black Defense) to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.
Once configured, Blumira’s integration with VMware Carbon Black Cloud Endpoint Standard will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
Before you can configure the Blumira Cloud Connector, gather these credentials from Carbon Black to be used in later steps:
- Hostname URL
- Org Key
- App ID
- API Secret Key
The Hostname URL value is determined by your Carbon Black Dashboard URL, excluding "https://" from the address, which you can find in this table.
To gather your credentials in Carbon Black, do the following:
- In Carbon Black Endpoint Standard, navigate to Dashboard > General.
- Find and copy the Org Key, which is located below the Org ID.
  Note: Org ID is different from Org Key and will not work as a credential in the Blumira Cloud Connector.
- Navigate to Dashboard > Settings > API Access.
- Click Access Levels on the top left.
- Click Add Access Levels on the top right.
- In the Edit Access Level window, type a name and a description, then click the Read check box in the row for each of these seven permissions:
  - Alerts
    - Tags (org.alerts.tags)
    - ThreatMetadata (org.xdr.metadata)
    - Notes (org.alerts.notes)
    - ThreatHunt (org.mdr.threathunts)
    - General information (org.alerts)
    - Audit Logs (org.audits)
    - Custom Detections (org.watchlists)
- Click Save.
- In the API Access window, click Add API Key.
- In the Name box, type a name for the API Key.
- In the Access level type box, select Custom from the dropdown list.
- In the Custom Access Level box, select the Access Level you created in previous steps.
- Click Save.
- In the window that appears, copy and save the Secret ID and the Secret Key to use in the Cloud Connector.
Configuring the Blumira Cloud Connector
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
Tip: If you receive an error when attempting to connect, ensure your access level permissions are correct in Carbon Black and that you are using the proper URL.