Creating an extended integration for VMware Carbon Black assets

Let Oomnitza be your single source of truth!

You'll get visibility of all the devices in your organization as data obtained from VMware Carbon Black Cloud is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and VMware Carbon Black in minutes

Get the information and the insights that you need to reduce costs and the time that you spend on administration tasks such as:

• Configurable dashboards and list views of key information relating to Carbon Black Cloud-managed devices
• Configurable reports to share information about Carbon Black Cloud-managed devices with your colleagues and management
• Configurable workflows that you can easily create for onboarding a user to the Carbon Black Cloud platform

Before you start

Creating the asset integration

Creating custom mappings

Creating workflows

Creating asset workflows with the API block

Invite User/Asset

Before you start

Before we can configure the Carbon Black Cloud Extended Connector, you must set the access level for devices to "READ". To create an access level, go to your Carbon Black Cloud console, and open the Add Access Level panel from Settings > API Access > Access Levels tab. For further information, refer to the Carbon Black Documentation: Create an access level.

You also need to have an API Key generated from the Carbon Black Cloud console. For further information, refer to the Carbon Black Documentation: Create an API Key.

Adding your credentials to Oomnitza

1. In Oomnitza, click Configuration > Security > Credentials.
2. Click Add new credential (+).
3. Search for the integration, and then click the forward button > to select the integration.
4. Add your API key.
5. Click Create.

Integration not in the list? Click Advanced Mode and complete these steps:

1. Add the information details.
2. Click the AUTHORIZATION tab.
3. Ensure that API Key is selected as the Authorization type.
4. Ensure that the Token Name is X-AUTH-TOKEN
5. Enter the API Key.
6. Ensure that Add to Header is selected.
7. Click Create.

Adding global variables

To save time entering information when you create the integration and the workflow, you can add the CarbonBlack hostname and port number as a global variable in Oomnitza.

1. From the menu, go to Configuration>General.
2. Click Global Settings.
3. Click Add new variable (+). 
4. Enter CarbonBlack.Hostname as the variable name. Possible values include:
   • EAP01 - https://defense-eap01.conferdeploy.net
   • Prod 01 - https://dashboard.confer.net/
   • Prod 02 - https://defense.conferdeploy.net/
   • Prod 05 - https://defense-prod05.conferdeploy.net/
   • Prod 06 - https://defense-eu.conferdeploy.net/
   • Prod NRT - https://defense-prodnrt.conferdeploy.net/
   • Prod Syd - https://defense-prodsyd.conferdeploy.net/
5. Enter your CarbonBlack hostname. 
6. Repeat the steps above and add the CarbonBlack.OrgKey and CarbonBlack.OrgId variable and value. You can find both in the Carbon Black Cloud Console under Settings > API Access. 
7. Save your changes.

Creating the asset integration

1. In Oomnitza, click Configuration> Integrations> Overview.
2. Click Block view
3. Scroll down to the Extended section for asset integrations.
4. Click NEW INTEGRATION.
5. Select the integration in the sidebar.
6. Click ADD.

Integration Overview

More information is provided about the following fields to help you complete the integration:

• Integration preferences:  By default, the option Create & Update is selected, which allows for editing existing asset records and adding new ones. If your goal is only to edit existing asset records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click the pencil:

1. Update the integration name if necessary. 
2. For installation type decide whether you want to store the credentials locally or in Oomnitza:
   1. Select Local if you want to store credentials locally. This mode does not support OAuth or AWS authentication.
   2. Select Cloud if you want to store credentials in your Oomnitza instance.
3. For integration preferences, select an option.
4. Enter the name of the integration user.

Credential details

Choose one of the following options:

• Select the credentials that were created for the integration.
• Edit the credentials that were created for the integration.
• Create new credentials

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

1. Click the pencil.
2. Configure your schedule.
3. Click Update.

Mappings

To map the fields to Oomnitza, click the pencil.

Creating custom mappings

The following fields can be mapped from Carbon Black Cloud using Oomnitza's User Interface. 

Note: Mappings are dependent on the customer instance and not all fields may be available within your instance. 

Available fields

Name
*Email
firstName
lastName
target Value
status
registeredTime
deregisteredTime
lastContactTime
lastInternalIpAddress
lastExternalIpAddress
deviceType
policyName
windowsPlatform
osVersion
sensorVersion
avEngine
virtualMachine
virtualizationProvider
macAddress
groupName

Device Details

activation_code
activation_code_expiry_time
ad_group_id
av_ave_version
av_engine
av_last_scan_time
av_master
av_pack_version
av_product_version
av_status
av_update_servers
av_vdf_version
current_sensor_policy_name
deregistered_time
id
device_owner_id
email
first_name
last_contact_time
last_device_policy_changed_time
last_device_policy_requested_time
last_external_ip_address
last_internal_ip_address
last_location
last_name
last_policy_updated_time
last_reported_time
last_reset_time
last_shutdown_time
linux_kernel_version
login_user_name
mac_address
mac address (formatted) - like AA:BB::CC::DD::00::11
middle_name
name
organization_id
organization_name
os
os_version
passive_mode
policy_id
policy_name
policy_override
quarantined
registered_time
rooted_by_analytics
rooted_by_analytics_time
rooted_by_sensor
scan_last_action_time
scan_last_complete_time
scan_status
sensor_out_of_date
sensor_states
sensor_version
status
target_priority_type
uninstall_code
vdi_base_device
virtual_machine
virtualization_provider
windows_platform

* The email of the user who installed the sensor (refer also to the invite preset below)

Did you know? 
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  

You can add new fields to your integration by selecting Add new field   on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Launching the integration

Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration. 

If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration

If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.

Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.  
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu

Related Links

Creating workflows

Creating asset workflows with the API block

To create an asset workflow, you must select credentials and enter the global variables added to Oomnitza.

To choose a preset, complete these steps:  

1. Click Configuration > Workflows 
2. Click Add (+) and select Assets from the list.
3. Drag and drop the API block onto the Sandbox.
4. Click Edit on the API block and enter Carbon Blackin the search field. 
5. Select the Invite User/Asset preset.
6. To choose a preset, click the forward arrow (>).
7. Configure the API Block following the preset instructions below, and save your changes.
8. Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to New you can trigger a workflow every time a new asset is created. Refer to Using the Begin block.
9. Connect the Blocks. 
10. Save, validate, and activate your workflow.

 Understanding Workflows

Using the Invite User/Asset preset

Using this preset allows you to trigger the sending of an email from VMWare Carbon Black to a given user, and mimics the Send installation request function in the Carbon Black Cloud Web UI. The email contains a link to download the installs as well as a unique code for the user to enter when running the installation. This feature enables you to roll out Carbon Black to new users in your organization easily and is especially useful if you don't want to deploy it using an MDM or client management solution. In addition, you can connect the user with the asset which makes it easier to track the assigned user once you load these assets via the asset load connector. This is particularly helpful if you are within a domain-less enterprise and allow all end users to be admins on their devices.

This API is not officially supported by VMWare and as such please use it with caution and at your own discretion. Also, this will require Super Admin rights, which might not be suitable for everyone.

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

• Configure dashboards for your users and software
• Configure custom reports about your users and software
• Create workflows to automate tasks

See Getting started for more information.