The Carbon Black App Control Connector allows you to integrate the Carbon Black App Control Server with one or more network security devices or services so that the external source can provide threat notifications to the server and the server can send files to the external source for detonation and/or analysis.
Several connector integrations are built into the Carbon Black App Control Server and are configurable through settings in the console.
The Carbon Black App Control API provides a way to extend Carbon Black App Control Connector capabilities to devices and services not built into the current Carbon Black App Control Server. When correctly implemented, these connections add the notification and analysis capabilities, and the user interface elements necessary to configure and use them. The interface for configuring a new connector appears on the Connectors tab of the System Configuration page in the console. On this tab, you can make the following configuration choices:
- Integration Enabled - This checkbox enables and disables notification integration for this connector. If this box is unchecked, file analysis will also be disabled automatically.
- File Analysis Enabled - This checkbox enables and disables file analysis for this connector, the connector has this capability. This setting appears only if the connector allows file analysis.
- Upload Location – If File Analysis is enabled, you can customize the upload location for this connector. This option appears only if the connector allows file analysis.
When configured, the new connector appears in the console interface wherever built-in connectors would appear. For example, if a connected device or service allows analysis, the new connector appears on the Action menu of the Files pages as an analysis option. See App Control Connector for a full description of the connector capabilities and user interface.
To add an integration with a custom network security device or service, you must activate the Extend connectors through API permission for the login account that will be used for access to Carbon Black App Control. Completing the configuration for a connector also requires permission to view and manage system configuration.
Once the connector is implemented through the Carbon Black App Control API, you do not need a special license for access to its notification features. However, to upload files from an Carbon Black App Control-managed computer to a third-party devices or service for analysis, you do need the separately licensed File Upload feature.