Hosted EDR: How to Approve an IP Address for WebUI Access
search cancel

Hosted EDR: How to Approve an IP Address for WebUI Access

book

Article ID: 285635

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To approve an IP Address by adding it to the NGINX IP Filter list for an EDR Hosted instance

Environment

  • EDR Hosted: All Versions

Resolution

  1. Log into the EDR Hosted web interface as a global admin user.
  2. Navigate to User Name > My Account > API Token.
  3. Copy the API token.
  4. Open a command-line shell using a Linux or MacOS terminal.
  5. View the list of currently approved IP addresses. Run:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>"
  1. If no IP's are currently approved, add your current, public-facing IP address from your active endpoint:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>" -H  "Content-Type: application/json" -d "{\"ipaddr\": \"IP_ADDRESS\"}"
  1. Add additional IP addresses, one at a time per command, to be approved:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>" -H  "Content-Type: application/json" -d "{\"ipaddr\": \"IP_ADDRESS\"}"

Example with optional CIDR notation:

# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>" -H  "Content-Type: application/json" -d "{\"ipaddr\": \"192.168.0.1/24\"}"
  • Each add command will respond with an ID that uniquely identifies the IP address entry:
<ID> of the IP address added
  1. Confirm that all desired IP's are present with the List command:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/entries" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>"
  • Important: Your current public-facing IP address must be listed first or the instance will become inaccessible. 
  1. Apply all changes:
# curl -X POST "https://<host>.my.carbonblack.io/api/approvedlist/apply" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>"
  1. Confirm that approved service has been enabled:
# curl -X GET "https://<host>.my.carbonblack.io/api/approvedlist/enabled" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>"
  • Possible states of approval:
Enabled/Enforcing = {"state": true}
Disabled/Not Enforcing = {"state": false}
  1. If the approval state is disabled, enable it:
curl -X PATCH "https://<host>.carbonblack.io/api/approvedlist/enabled" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>" -H  "Content-Type: application/json" -d "{  \"state\": true}"
  1.  Apply the changes:
curl -X POST "https://<host>.carbonblack.io/api/approvedlist/apply" -H  "accept: application/json" -H  "X-Auth-Token: <TOKEN>"

 

Additional Information

  • Added IP address must be external, public-facing addresses.
  • Optional CIDR blocks are acceptable.  Example: 123.123.123.100 or with CIDR 123.123.123.0/24.
  • IP Approval is now performed by the customer.  Carbon Black Support no longer performs these changes.
  • If using a proxy, please include the ' --proxy http://<proxy or IP>:port' switch to make sure its able to pass through for authentication.
Powered by Wolken Software