Device Integration: Carbon Black

Modified on Tue, 14 Apr at 9:37 PM


Overview

This article explains how to onboard Carbon Black Cloud (VMware Carbon Black) into ADR SIEM. It covers UI provisioning steps, configuration details (including config JSON), verification, troubleshooting, and security considerations. Use this article as a reference for operations, onboarding, and documentation handoffs.

Carbon Black Cloud is a software as a service (SaaS) solution that provides next-generation anti-virus (NGAV), endpoint detection and response (EDR), advanced threat hunting, and vulnerability management within a single console using a single sensor.


Prerequisites

  • Active Carbon Black subscription with administrative access
  • ADR platform access with administrative privileges
  • Network connectivity between ADR and Carbon Black cloud services
  • Firewall configuration allowing outbound HTTPS connections on port 443


Steps to add the Carbon Black (Cloud) support

Part 1: Generate API Credentials in Carbon Black

Reference: Generate an API Key for Your Appliance (vmware.com)


Part 2: Configure Integration in ADR

  • Log into your ADR platform
  • Navigate to the tenant where you want to add Carbon Black integration
  • Follow the menu path: Administration > Add-On Store > Carbon Black




Verification (MSSP Only)

From CCE:

To verify the integration from CCE, log in to the ADR CCE and run the commands below:

otmdoc -s addondevice
crontab -l

Make sure the cron job is running without any errors.


From UI:

In the UI, go to the System tab and check that Carbon Black is listed.

STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.


STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

Integration Successful:

  • Carbon Black device appears in the source device list
  • Log collection status shows "Active" or "Running"
  • CrowdStrike logs are appearing in ADR
  • No authentication errors in the system logs

