The following procedure involves using both consoles. You can copy information from the Carbon Black EDR console and paste it into the App Control console.
To activate integration:
- Review the information in Table 2.1 Integration Settings in App Control for Carbon Black EDR.
- Log into Carbon Black EDR.
- Click Username> My Profile .
- Click API Token .
- From the API Token field, copy the API token.
- Open another browser and log into the App Control console using an account that has Administrator privileges.
- In the App Control console menu:
- If you are running v7.2.3, select Administration > System Configuration .
- If you are running v8.0.0 or higher, click the Administration (gear) icon and select System Configuration .
- Click the Licensing tab.
- Enter the Carbon Black EDR configuration settings as shown in the following table.
Table 1. Integration Settings in App Control for Carbon Black EDR Field/Button Description URL The URL of the Carbon Black EDR server to link to the App Control server. Port is only necessary if you do not use standard ports on the Carbon Black EDR server (80 for HTTP and 443 for HTTPS).
You can copy the base URL (without any page-specific additions) from the Carbon Black EDR browser and paste it into the relevant section of the App Control Configuration page.
Validate SSL Certificate Select this check box to cause a validity check on the Carbon Black EDR server certificate. This should be selected only if the Carbon Black EDR server certificate is issued by a trusted certificate authority. Without manual configuration, Carbon Black EDR uses a self-signed certificate; this should not be checked. API Token Enter the Carbon Black EDR server API Token here by pasting it from the Carbon Black EDR console. Click the Test button to confirm that the server is accessible and that the key works. The test returns one of the following values:
- Success, version: <Carbon Black EDR product version>
- Invalid API Token
- Server not accessible
Receive Watchlist Events Select this box to activate delivery of Carbon Black EDR watchlist events from the configured server to the App Control server. Force Strong SSL Select this box to cause the Carbon Black EDR server to check the App Control server certificate before sending events. Important: This should not be selected if your App Control server uses a self-signed App Control certificate on IIS.
- Click the Test button to determine whether the servers can communicate. Possible causes of failure and their troubleshooting steps are as follows:
- Invalid API Token – Make sure that the API token for the App Control user has been copied correctly from the Carbon Black EDR console and pasted into the Configuration page on the App Control console. Make sure that this user is a Global Administrator.
- Server not accessible – Confirm that the correct URL and port number (if needed) has been entered in the Configuration page on the App Control console, and that the Validate SSL certificate check box was not selected when you use a self-signed certificate. Make sure that access to the Carbon Black EDR server is not blocked by a network firewall.
- Force Strong SSL – Selecting this check box causes the Carbon Black EDR server to check the App Control server certificate before sending watchlist events. This should be checked only if the App Control console certificate is issued by a trusted authority (for example, not self-signed).
If you cannot create a successful connection, contact VMware Carbon Black Technical Support .
- When you have entered and successfully tested the App Control server settings in the App Control console, click Update on the System Configuration/Licensing page. The configuration should be complete and the servers should be integrated.