VMware Carbon Black Cloud Integration

 

Oomnitza's VMware Carbon Black Extended integration allows organizations to retrieve device information from the Carbon Black Cloud Platform, populate it in Oomnitza, and manage the devices via multiple presets.

More information on the Carbon Black Cloud Platform can be found here: https://www.carbonblack.com/products-index/#

 


Available Integrations

 

Setup

Details on setting up Oomnitza Extended Connectors can be found in Oomnitza's Articles on Connector Setup.

Note: In addition to the standard fields entered during setup, you'll also need your Carbon Black Cloud Environment, Org Key and Org Id. 

First, determine which environment (product URL) you use. You can find this by looking at the web address of your Carbon Black Cloud console. Enter it into the global settings table as CarbonBlack.Hostname. The possible values are currently:

  • EAP01 - https://defense-eap01.conferdeploy.net
  • Prod 01 - https://dashboard.confer.net/
  • Prod 02 - https://defense.conferdeploy.net/
  • Prod 05 - https://defense-prod05.conferdeploy.net/
  • Prod 06 - https://defense-eu.conferdeploy.net/
  • Prod NRT - https://defense-prodnrt.conferdeploy.net/
  • Prod Syd - https://defense-prodsyd.conferdeploy.net/

Second, note your Org Key and Org Id. You can find both in the Carbon Black Cloud console under Settings > API Access. You may enter them into the global settings table as CarbonBlack.OrgKey and CarbonBlack.OrgId.

 

Authentication

Carbon Black Cloud APIs are authenticated via API keys. Credentials for Carbon Black Cloud should be added to the Oomnitza Vault. VMware Carbon Black requires API Key type authentication using the API Secret Key and API ID. When entering the credential into Oomnitza, use the API Key type, specify X-Auth-Token as the Token Name, and then enter [API Secret Key]/[API ID] as the API Key.

Before you can configure the Carbon Black Cloud Extended Connector, you must ensure that the correct Access Level exists (for the category Device > General Information > "device", allow permissions for "READ") and that an API Key has been generated from within the Carbon Black Cloud console.

Information required for a successful Integration setup:

1. Access Level created (“device” allow permissions for “READ”)

2. API Key generated (resulting in API Secret Key and API ID)

3. Environment identified (the Dashboard url)

4. Org Key (Settings > API Access)
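The following is an added example, not Oomnitza's or VMware's code: it validates the four setup values before use, refuses any hostname that is not one of the environments listed above (so the API secret is never sent to an unlisted host), and builds the X-Auth-Token header in the [API Secret Key]/[API ID] order. The Devices API v6 search path and the alphanumeric org-key check are assumptions not stated on this page, and the sample values are constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Environment hosts listed on this page for CarbonBlack.Hostname.
ALLOWED_HOSTS = {
    "defense-eap01.conferdeploy.net", "dashboard.confer.net",
    "defense.conferdeploy.net", "defense-prod05.conferdeploy.net",
    "defense-eu.conferdeploy.net", "defense-prodnrt.conferdeploy.net",
    "defense-prodsyd.conferdeploy.net",
}

def normalize_hostname(value):
    """Return https://<host> only if value is one of the listed environments."""
    parts = urlsplit(value.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host not in ALLOWED_HOSTS:
        raise ValueError("not a listed Carbon Black Cloud environment")
    if parts.username or parts.port or parts.path not in ("", "/") or parts.query:
        raise ValueError("hostname must be a bare https origin")
    return "https://" + host

def build_token(secret_key, api_id):
    """X-Auth-Token value in the order the page gives: [API Secret Key]/[API ID]."""
    for label, part in (("API Secret Key", secret_key), ("API ID", api_id)):
        if not part or "/" in part or any(c.isspace() for c in part):
            raise ValueError(label + " is empty or contains '/' or whitespace")
    return secret_key + "/" + api_id

def redact(token):
    """Form of the token that is safe to log (the secret half is masked)."""
    return "****/" + token.split("/", 1)[1]

def build_device_search(hostname, org_key, secret_key, api_id, rows=100):
    """Build (without sending) the device search request."""
    if not org_key.isalnum():  # assumption: org keys are plain alphanumeric
        raise ValueError("unexpected characters in org key")
    # Assumption: Devices API v6 search path; it is not stated on this page.
    url = f"{normalize_hostname(hostname)}/appservices/v6/orgs/{org_key}/devices/_search"
    body = json.dumps({"rows": rows, "start": 0}).encode()
    headers = {"X-Auth-Token": build_token(secret_key, api_id),
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

# Constructed sample values, not real credentials.
SAMPLE = build_device_search("https://defense-eu.conferdeploy.net/",
                             "ORGKEY01", "SECRETSECRETSECRETSECRET", "APIID00001")
```

The request is only constructed here; passing it to urllib.request.urlopen would send it with the READ-only "device" access level described above.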

Further Documentation Links:

 

Load list of devices/endpoints from Carbon Black Cloud

Note: You'll be asked to enter your Carbon Black Cloud Environment and Org Key during configuration, see above for details.

Standard Mappings

The following fields can be mapped from Carbon Black Cloud using Oomnitza's User Interface. For more information on creating Extended Connector Mappings, please see our article on Mapping Extended Connectors.

Note: Mappings are dependent on customer instance and not all fields may be available within your instance. 

Available fields:

  • Name
  • Email - email of the user who installed the sensor (see also invite preset below)
  • firstName
  • lastName
  • target Value
  • status
  • registeredTime
  • deregisteredTime
  • lastContactTime
  • lastInternalIpAddress
  • lastExternalIpAddress
  • deviceType
  • policyName
  • windowsPlatform
  • osVersion
  • sensorVersion
  • avEngine
  • virtualMachine
  • virtualizationProvider
  • macAddress
  • groupName

Device Details:

  • activation_code
  • activation_code_expiry_time
  • ad_group_id
  • av_ave_version
  • av_engine
  • av_last_scan_time
  • av_master
  • av_pack_version
  • av_product_version
  • av_status
  • av_update_servers
  • av_vdf_version
  • current_sensor_policy_name
  • deregistered_time
  • id
  • device_owner_id
  • email
  • first_name
  • last_contact_time
  • last_device_policy_changed_time
  • last_device_policy_requested_time
  • last_external_ip_address
  • last_internal_ip_address
  • last_location
  • last_name
  • last_policy_updated_time
  • last_reported_time
  • last_reset_time
  • last_shutdown_time
  • linux_kernel_version
  • login_user_name
  • mac_address
  • middle_name
  • name
  • organization_id
  • organization_name
  • os
  • os_version
  • passive_mode
  • policy_id
  • policy_name
  • policy_override
  • quarantined
  • registered_time
  • rooted_by_analytics
  • rooted_by_analytics_time
  • rooted_by_sensor
  • scan_last_action_time
  • scan_last_complete_time
  • scan_status
  • sensor_out_of_date
  • sensor_states
  • sensor_version
  • status
  • target_priority_type
  • uninstall_code
  • vdi_base_device
  • virtual_machine
  • virtualization_provider
  • windows_platform

Custom Mappings

Additional fields may be available through Carbon Black Cloud Platform. For details on how to retrieve them, please reach out to support@oomnitza.com or see our article on Mapping Extended Connectors.

 

Load List of Users

coming soon

 

Invite User/Asset

This preset triggers an email from VMware Carbon Black to a given user (essentially the Send installation request function in the Carbon Black Cloud web UI). The email contains a link to download the installer as well as a unique code for the user to enter when running the installation. This is useful for rolling out Carbon Black to new users in your organization when you don't want to deploy it through an MDM or client management solution. It also connects the user with the asset up front, which makes it easier to track the assigned user once you load these assets via the asset load connector, especially if you are in a domain-less enterprise and allow all end users to be admins on their devices.

The API used by this preset is not officially supported by VMware, so please use it with caution and at your own discretion. It also requires Super Admin rights, which might not be suitable for everyone.

This preset leverages the global settings CarbonBlack.Hostname and CarbonBlack.OrgId.

 

Quarantine endpoint

coming soon

 

Remove endpoint from quarantine

 

 

Bypass endpoint

coming soon

 

Start background scan on endpoint

coming soon

 

Update policy on endpoint

coming soon

 

Update sensor on endpoint

coming soon

 

Uninstall sensor on endpoint

coming soon

 

Delete Endpoint

coming soon

 

Delete User

coming soon

 

 
