To learn more about Out-of-the-box Integrations and their benefits, please refer to
this article.
In this article, you will find out how to configure VMware Carbon Black Cloud to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.
Requirements
-
VMware Carbon Black Cloud Enterprise EDR or above
-
Lumu defender subscription
Setup VMware Carbon Black Cloud
Collect VMware Carbon Black Cloud Base URL
To interact with the VMware Carbon Black Cloud API, identify the
Base URL
of the service. The
Base URL
is the URL you use to manage your VMware Carbon Black Cloud deployment.
Generate API Access
-
To create an API Access in the side navigation bar go to
Settings
and click on
API Access
. Copy the Org key, it will be required to configure the integration.
- Before creating an API Access, we need to create an Access Level that
has permissions to create, read, and delete reputation. In the tab that
appears on the new page, click on
Access Levels.
- Now we click on
Add Access Level
, provide a name and description, and in the
Permission Name
column of the table, look for
Reputation.
Check the create, read and delete options and click
Save.
- Back in the
API Keys
tab, click
Add API Key
, give it a name and in
Access Level Type,
we select the
Custom
option. In
Custom Access Level
we select the
Access Level
that we just created.
- After saving, it will show us the
API ID
and the
API Secret Key
which we will use together with the
ORG Key
to connect to the API.
Add Integration
1. Log in to our Lumu account through the
Lumu Portal
and navigate to the integrations screen.
2. Locate the VMware Carbon Black Cloud integration in the available apps area, click to add, and then click to view details.
3. Familiarize yourself with the integration details available in the app
description and click the button below to activate the integration.
4. To activate the integration, add a
Name
and select the
Threat Types
you want to be pushed to your VMware Carbon Black Cloud deployment. Click
Next.
5. Fill in the required information, the
Base URL
, the
Organization Key
, the
API ID
and the
API Secret Key
with the data collected before. Click
Activate.
The integration is now created and active. Now the Lumu Portal will display the details of the created integration:
Once the integration is activated, the VMware Carbon Black Cloud reputation banned list will be updated with confirmed compromises found by Lumu within the preceding 3 days.