The Carbon Black Cloud Threat Intelligence Connector is a Python connector for ingesting and processing STIX content from third-party sources such as TAXII servers, or directly from XML or JSON files. The currently supported versions are STIX 1.x, 2.0, and 2.1, and TAXII 1.0, 1.1, 2.0, and 2.1.
Requirements
- Carbon Black Cloud Enterprise EDR
- Custom API key
Custom API Key
The connector requires an API key with the relevant custom permissions.
To generate the specific permissions, click Settings > API Access > Access Level > Add Access Level. Then create the API key in Settings > API Access > API Keys.
- Custom Detections > Feeds (org.feeds): Create, Read, Update, Delete
- Custom Detections > Watchlists (org.watchlists): Create, Read, Update, Delete
Credentials File
Create a credentials file by following the guides Authentication and Getting Started with the Carbon Black Cloud Python SDK. Then create a profile in the credentials file by using the Custom API Key that you created.
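Because the profile stores the API secret, it is worth checking the file before the connector uses it. The following is an added example, not code from the connector or the SDK: `check_profile` and `write_sample` are hypothetical helpers, the key names (`url`, `token`, `org_key`, `ssl_verify`) and the `<API secret key>/<API ID>` token form are assumed from the SDK's credentials file format, and all values are constructed placeholders.

```python
import configparser
import os
import stat
import tempfile

REQUIRED_KEYS = ("url", "token", "org_key")  # assumed profile keys (SDK format)


def check_profile(path, profile="default"):
    """Return a list of problems found in one profile of a credentials file."""
    problems = []
    # The file holds an API secret: group and others should have no access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} is readable beyond the owner")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(profile):
        return problems + [f"profile [{profile}] not found"]
    section = parser[profile]
    for key in REQUIRED_KEYS:
        if not section.get(key, "").strip():
            problems.append(f"missing {key}")
    if section.get("url") and not section["url"].lower().startswith("https://"):
        problems.append("url is not https")
    # Check only the shape of the token; never log or return its value.
    secret, sep, api_id = section.get("token", "").partition("/")
    if section.get("token") and not (sep and secret and api_id and "/" not in api_id):
        problems.append("token is not in <secret>/<id> form")
    if section.get("ssl_verify", "true").strip().lower() in ("false", "0", "no", "off"):
        problems.append("ssl_verify is disabled")
    return problems


def write_sample(path, ssl_verify="true", mode=0o600):
    """Write a constructed profile (placeholder values, not real credentials)."""
    with open(path, "w") as fh:
        fh.write("[default]\nurl=https://cbc.example.invalid\n"
                 "token=PLACEHOLDERSECRETKEY/PLACEHOLDERID\n"
                 "org_key=PLACEHOLDERORG\n"
                 f"ssl_verify={ssl_verify}\n")
    os.chmod(path, mode)


if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "credentials.cbc")
    write_sample(path, ssl_verify="false", mode=0o644)
    print(check_profile(path))
```

The permission check relies on POSIX mode bits, so it applies to Linux and macOS hosts.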
Installation
To install the Carbon Black Cloud Threat Intelligence Connector, follow the instructions in the GitHub README.