VMware Carbon Black Cloud Out-of-the-box Response Integration


To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will find out how to configure VMware Carbon Black Cloud to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.

Requirements

  • VMware Carbon Black Cloud Enterprise EDR or above
  • Lumu Defender subscription

Set up VMware Carbon Black Cloud

Collect VMware Carbon Black Cloud Base URL


To interact with the VMware Carbon Black Cloud API, identify the Base URL of the service. The Base URL is the URL you use to manage your VMware Carbon Black Cloud deployment.

Generate API Access

  1. In the side navigation bar, go to Settings and click API Access. Copy the Org key; it will be required to configure the integration.

  2. Before creating an API key, create an Access Level that has permissions to create, read, and delete reputation. On the page that opens, click the Access Levels tab.

  3. Click Add Access Level, provide a name and description, and in the Permission Name column of the table, look for Reputation. Check the create, read and delete options and click Save.

  4. Back in the API Keys tab, click Add API Key, give it a name and, in Access Level Type, select the Custom option. In Custom Access Level, select the Access Level you just created.

  5. After saving, the console shows the API ID and the API Secret Key, which are used together with the Org key to connect to the API.
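Before pasting the credentials into Lumu, you can confirm that the new key authenticates and that its Access Level covers Reputation. The following pre-flight check is an added example, not part of the Lumu or VMware documentation; it issues one read-only search against the Carbon Black Cloud Reputation Override API, so it verifies the read permission only, and the `CBC_*` environment variable names are assumptions chosen for this sketch.

```python
"""Pre-flight check for the Carbon Black Cloud API key created above (added example)."""
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_search_request(base_url, org_key, api_id, api_secret):
    """Build a read-only search of the reputation banned list."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Base URL must look like https://<hostname>")
    if not (org_key and api_id and api_secret):
        raise ValueError("Org key, API ID and API Secret Key are all required")
    url = (f"https://{parts.netloc}/appservices/v6/orgs/{org_key}"
           "/reputations/overrides/_search")
    body = json.dumps({"criteria": {"override_list": "BLACK_LIST"}, "rows": 1})
    headers = {
        # Secret first, then ID; swapping them is a common cause of 401s.
        "X-Auth-Token": f"{api_secret}/{api_id}",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(url, data=body.encode(), headers=headers,
                                  method="POST")


def explain(status):
    """Map the HTTP status to the setup step to revisit."""
    if status == 200:
        return "ok: key can read reputation entries"
    if status == 401:
        return "auth failed: check API ID, API Secret Key and Base URL"
    if status == 403:
        return "forbidden: Access Level lacks the Reputation read permission"
    return f"unexpected status {status}"


def check(base_url, org_key, api_id, api_secret):
    req = build_search_request(base_url, org_key, api_id, api_secret)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return explain(resp.status)
    except urllib.error.HTTPError as err:
        return explain(err.code)


if __name__ == "__main__":
    # Values come from the environment so the secret never lands in shell history.
    print(check(os.environ["CBC_BASE_URL"], os.environ["CBC_ORG_KEY"],
                os.environ["CBC_API_ID"], os.environ["CBC_API_SECRET"]))
```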

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen.
2. Locate the VMware Carbon Black Cloud integration in the available apps area, click to add, and then click to view details.

3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

4. To activate the integration, add a Name and select the Threat Types you want to be pushed to your VMware Carbon Black Cloud deployment. Click Next.

5. Fill in the required information (the Base URL, the Organization Key, the API ID and the API Secret Key) with the data collected before. Click Activate.

The integration is now created and active, and the Lumu Portal displays the details of the created integration.


Once the integration is activated, the VMware Carbon Black Cloud reputation banned list will be updated with confirmed compromises found by Lumu within the preceding 3 days.


