- Log into the EDR Hosted web interface as a global admin user.
- Navigate to User Name > My Account > API Token.
- Copy the API token.
- Open a command-line shell using a Linux or MacOS terminal.
- View the list of currently approved IP addresses. Run:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>"
- If no IP's are currently approved, add your current, public-facing IP address from your active endpoint:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>" -H "Content-Type: application/json" -d "{\"ipaddr\": \"IP_ADDRESS\"}"
- Add additional IP addresses, one at a time per command, to be approved:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>" -H "Content-Type: application/json" -d "{\"ipaddr\": \"IP_ADDRESS\"}"
Example with optional CIDR notation:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>" -H "Content-Type: application/json" -d "{\"ipaddr\": \"192.168.0.1/24\"}"
- Each add command will respond with an ID that uniquely identifies the IP address entry:
<ID> of the IP address added
- Confirm that all desired IP's are present with the List command:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>"
- Important: Your current public-facing IP address must be listed first or the instance will become inaccessible.
- Apply all changes:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/apply" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>"
- Confirm that approved service has been enabled:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/enabled" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>"
- Possible states of approval:
Enabled/Enforcing = {"state": true}
Disabled/Not Enforcing = {"state": false}
- If the approval state is disabled, enable it:
curl -X PATCH "https://<host>.carbonblack.io/api/approvedlist/enabled" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>" -H "Content-Type: application/json" -d "{ \"state\": true}"
- Apply the changes:
curl -X POST "https://<host>.carbonblack.io/api/approvedlist/apply" -H "accept: application/json" -H "X-Auth-Token: <TOKEN>"