Connect Carbon Black

Overview

You will need the following information in order to onboard your Carbon Black Alert data source:

1. Product URL
2. Org Key
3. API ID
4. API Secret Key

Determine Your Product URL

Step 1. You need to determine which environment, or product URL you use. You can find this by looking at the web address of your Carbon Black Cloud console. Select your URL to view a table with the base URL for each product and API.

• EAP01 - https://defense-eap01.conferdeploy.net/
• Prod 01 - https://dashboard.confer.net/
• Prod 02 - https://defense.conferdeploy.net/
• Prod 05 - https://defense-prod05.conferdeploy.net/
• Prod 06 - https://defense-eu.conferdeploy.net/
• Prod NRT - https://defense-prodnrt.conferdeploy.net/
• Prod Syd - https://defense-prodsyd.conferdeploy.net/

For example, your Product URL would be https://defense-prod05.conferdeploy.net/ if you are using Prod 05.

Find Your Org Key

Step 2. Your Org Key can be found in your product console under Settings > API Access > API Keys.

Creating a Custom Access Level

Step 3. You need to create a custom Access Level before you create your API Key. In order to onboard your Carbon Black alerts with Fletch, your API Key needs “READ” permission for “org.alerts”.

a. Go to your Carbon Black Cloud console, and open the “Add Access Level” panel from Settings > API Access > Access Levels tab.

b. Give the access level a unique name (you will need this for creating your API Key) and give it a description.

c. From the table below, scroll down until you see your API Service Category. Add the “READ” operation for the “org.alerts” permission by using Notation Name column.

Creating an API Key

Step 4:

a. To create an API Key, go to Settings > API Access > API Keys tab in the Carbon Black Cloud console.

b. Select “Add API Key” from the far right.

c. Give the API Key a unique name, and select the appropriate access level provided in the table above. If you select “Custom”, you will need to choose the Access Level you created in the prior section.

• Choose a name to clearly distinguish the API from your organization’s other API keys. Example: Fletch_Read_Org_Alerts_Key
• You can also add Authorized IP addresses and a description to differentiate among your APIs. Administrators can restrict use of an API key to a specific set of IP addresses for security reasons.

d. Hit save, and you will be provided with your API Key Credentials: API Secret Key and API ID.

Congrats!

Now you have all you need,

Make sure you have these available for the next step in Fletch.

1. Carbon Black Base URL Of Your Product
2. Carbon Black Org Key
3. Carbon Black API ID
4. Carbon Black API Secret Key