Enter data that pertains to your Carbon Black connector for the CB Defense agent so that Workspace ONE Intelligence can access threat intelligence data and display it for analysis.

To register Carbon Black with Workspace ONE Intelligence, enter the keys and IDs for your Carbon Black API connector and your Carbon Black SIEM connector.
Note: For more information on how to generate API keys and subscribe to Carbon Black event notifications, use the Help > User Guide > Managed Notifications documentation in the Carbon Black console. You can also contact Carbon Black Support.

Prerequisites

Use the CB Defense agent for Windows 10 version 3.4.0.1016 or newer.
Note: Currently, Windows Desktop (Windows 10) is supported for the CB Defense agent.

Procedure

  1. In the Workspace ONE Intelligence console, go to Settings > Integrations > Carbon Black > Set Up > Get Started.
    To access previously entered credentials, select to Edit Carbon Black.
  2. In the Provide Credentials area, enter the information for a successful connection.
    Settings Descriptions
    Base URL Enter the URL for your Carbon Black instance so that Workspace ONE Intelligence can access it. This string begins with https://.
    API Key

    Enter the value that gives Workspace ONE Intelligence permission to authenticate with your Carbon Black instance. This key with the ID provides access to Carbon Black APIs except notification APIs.

    SIEM Key

    Enter the value that gives Workspace ONE Intelligence permission to send notifications and alerts to devices that are part of SIEM systems. This key provides access to all Carbon Black notification APIs.

    API Connector ID Enter the value that works with the API Key to authenticate with your Carbon Black instance. This ID with the key provides access to Carbon Black APIs except notification APIs.
    SIEM Connector ID Enter the value that works with the SIEM Key to give Workspace ONE Intelligence access to Carbon Black APIs for notifications.
  3. To finish the configuration, select Authorize.

What to do next

To view data for this service, use widgets on My Dashboards or view data in the Threats Summary module in Security Risk > Threats. You can create an automation Workflows to act on Trust Network data.