Enter data that pertains to your Carbon Black connector for the CB Defense agent so that Workspace ONE Intelligence can access threat intelligence data and display it for analysis.
To register Carbon Black with Workspace ONE Intelligence, enter the keys and IDs for your Carbon Black API connector and your Carbon Black SIEM connector.
For information on how to generate API keys, subscribe to Carbon Black event notifications, and the API endpoint URL of your Carbon Black instance, access the topic API Access on the Carbon Black /Developers site.
- In the Workspace ONE Cloud Admin Hub, go to Integrations > Carbon Black > Set Up > Get Started. To access previously entered credentials, select to Edit Carbon Black.
- In the Provide Credentials area, enter the information for a successful connection.
- Base URL: Enter the API endpoint URL for your Carbon Black instance so that Workspace ONE Intelligence can access it. This string begins with https://.
- API Key - Enter the value that gives Workspace ONE Intelligence permission to authenticate with your Carbon Black instance. This key with the ID provides access to Carbon Black APIs except notification APIs.
- SIEM Key - Enter the value that gives Workspace ONE Intelligence permission to send notifications and alerts to devices that are part of SIEM systems. This key provides access to all Carbon Black notification APIs.
- API Connector ID - Enter the value that works with the API Key to authenticate with your Carbon Black instance. This ID with the key provides access to Carbon Black APIs except notification APIs.
- SIEM Connector ID - Enter the value that works with the SIEM Key to give Workspace ONE Intelligence access to Carbon Black APIs for notifications.
- To finish the configuration, select Authorize.
What to do next
To view data for this service, use widgets on My Dashboards or view data in the Threats Summary module in Security Risk > Threats. You can create an automation workflows to act on Trust Network data.