If you are monitoring and managing your computers with both Carbon Black App Control and VMware Carbon Black Cloud, you can configure the Carbon Black App Control Server to connect to the Carbon Black Cloud and view information it has about activities on these jointly managed endpoints. The Carbon Black Cloud pages you can connect to from Carbon Black App Control depend upon whether your Carbon Black Cloud license includes Carbon Black Cloud Enterprise EDR.
Configuration of this integration requires entering search URLs for your Carbon Black Cloud server, with the search term replaced with the string “<search>”. This is done on the System Configuration Connectors tab.
The following table describes the configuration fields and the resulting links to the Carbon Black Cloud.
Field |
Description |
---|---|
|
Checking this box enables the integration when you save the configuration if URLs have been configured for all relevant fields. Uncheck the box and click Update to disable the connector. URLs are retained and are applied if you re-enable the connector. |
|
The Yes, radio button activates URL fields appropriate for searches of Carbon Black Cloud with Enterprise EDR. The No radio button activates URL fields appropriate for searches of Carbon Black Cloud without Enterprise EDR. |
|
Link name in App Control: Carbon Black Cloud Events. Link location: File and File Instance Details pages Shows when: Carbon Black Cloud Enterprise EDR button is Yes. Results in Carbon Black Cloud: Shows the Investigations page with the results of a search for events involving this file, including additional data on the file provided by Enterprise EDR. URL: https:// <CarbonBlackCloudserveraddress> /EnterpriseEDR/investigate?searchWindow=ALL&query=hash:<search> |
|
Select to populate the URL fields automatically based on your Carbon Black Cloud URL. |
|
Link name in Carbon Black App Control: Carbon Black Cloud Events Link location: File and File Instance Details pages Shows when: Carbon Black Cloud Enterprise EDR button is No. Results in Carbon Black Cloud: Shows the Investigations page with the results of a search for events involving this file. URL: https:// <CarbonBlackCloudserveraddress> /investigate?s[c][QUERY_STRING_TYPE][0]=<search> |
|
Link name in Carbon Black App Control: Carbon Black Cloud Events Link location: Computer Details page Shows when: Carbon Black Cloud Enterprise EDR button is No. Results in Carbon Black Cloud: Shows the Investigations page with the results of a search for events involving this computer, including additional file data from Enterprise EDR. URL: https:// < CarbonBlackCloud serveraddress> / EnterpriseEDR /investigate?searchWindow=ALL&query=device_name:<search> |
|
Link name in Carbon Black App Control: Carbon Black Cloud Device Link location: Computer Details page Shows when: Always (Carbon Black Cloud Enterprise EDR can be Yes or No) Results in Carbon Black Cloud: Shows the All Sensors page with the results of a search for this computer. URL: https:// <CarbonBlackCloudserveraddress> /settings/enrollment?s[c][QUERY_STRING_TYPE][0]=<search> |
If you do manually enter a URL, it must include “<search>” as shown in the preceding instructions.