The following procedure involves using both consoles. You can copy information from the Carbon Black EDR console and paste it into the Carbon Black App Control console.
Prerequisites
Review the table in Step 7.
Procedure
- Log into Carbon Black EDR.
- Click Username> My Profile.
- Open another browser and log into the Carbon Black App Control console using an account that has Administrator privileges.
- In the Carbon Black App Control console menu:
- If you are running v7.2.3, select Administration > System Configuration.
- If you are running v8.0.0 or higher, click the Administration (gear) icon and select System Configuration .
- Click the Licensing tab and enter the Carbon Black EDR configuration settings as shown in the following table.
Table 1. Integration Settings in App Control for Carbon Black EDR Field/Button Description URL The URL of the Carbon Black EDR server to link to the Carbon Black App Control server. Port is only necessary if you do not use standard ports on the Carbon Black EDR server (80 for HTTP and 443 for HTTPS). You can copy the base URL (without any page-specific additions) from the Carbon Black EDR browser and paste it into the relevant section of the Carbon Black App Control Configuration page.
Validate SSL Certificate Select this check box to cause a validity check on the Carbon Black EDR server certificate. This should be selected only if the Carbon Black EDR server certificate is issued by a trusted certificate authority. Without manual configuration,Carbon Black EDR uses a self-signed certificate; this should not be checked. API Token Enter the Carbon Black EDR server API token here. Click the Test button to confirm that the server is accessible and that the key works. The test returns one of the following values: - Success, version: <Carbon Black EDR product version>
- Invalid API Token: Make sure that the API token for the Carbon Black App Control user has been copied correctly from the Carbon Black EDR console and pasted into the Configuration page on the Carbon Black App Control console. The user must be a Global Administrator.
- Server not accessible
Receive Watchlist Events Select this box to activate delivery of Carbon Black EDR watchlist events from the configured server to the Carbon Black App Control server. Force Strong SSL Select this box to cause the Carbon Black EDR server to check the Carbon Black App Control server certificate before sending events. Important: This should not be selected if your Carbon Black App Control server uses a self-signed Carbon Black App Control certificate on IIS. - Click the Test button to determine whether the servers can communicate. Possible causes of failure and their troubleshooting steps are as follows:
- Invalid API Token – Make sure that the API token for the Carbon Black App Control user has been copied correctly from the Carbon Black EDR console and pasted into the Configuration page on the Carbon Black App Control console. Make sure that this user is a Global Administrator.
- Server not accessible – Confirm that the correct URL and port number (if needed) has been entered in the Configuration page on the Carbon Black App Control console, and that the Validate SSL certificate checkbox was not selected when you use a self-signed certificate. Make sure that access to the Carbon Black EDR server is not blocked by a network firewall.
- Force Strong SSL – Selecting this check box causes the Carbon Black EDR server to check the Carbon Black App Control server certificate before sending watchlist events. This should be checked only if the Carbon Black App Control console certificate is issued by a trusted authority (for example, not self-signed).
If you cannot create a successful connection, contact VMware Carbon Black Technical Support.
- When you have entered and successfully tested the Carbon Black App Control server settings in the Carbon Black App Control console, click Update on the System Configuration/Licensing page. The configuration should be complete and the servers should be integrated.