Managing the Carbon Black Cloud Integration (Connector)
search cancel

Managing the Carbon Black Cloud Integration (Connector)

book

Article ID: 287150

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

More information on the Carbon Black Cloud Integration and how to enable it via the Connector.

Environment

  • App Control Console: All Supported Versions
  • Carbon Black Cloud: All Supported Versions

Resolution

Enable Carbon Black Cloud Integration

  1. Log in to the App Control Console and navigate to Settings > System Configuration > Connectors.
  2. Choose the Carbon Black Cloud tab and click Edit
  3. Complete details accordingly
    1. Enable Carbon Black Cloud Integration: Check to enable
    2. Cloud Enterprise EDR: Choose accordingly for your environment
      • Requires the Enterprise EDR entitlement in Carbon Black Cloud.
      • Determines the number and type of URL fields displayed.
    3. Populate from URL: Use the relevant Cloud Dashboard URL for your environment
      • The base portion of the URL can be entered with or without https:// and with or without a trailing slash.
    4. Verify the URLs are filled correctly.
  4. Click Update.

 

Using the Carbon Black Cloud Integration

Notes:

  • Endpoints must also have a Carbon Black Cloud Sensor installed.
  • The entitlement for Enterprise EDR is not the same as the Carbon Black EDR (formerly Response) product.
  • The Cloud Integration will not
    • Detect/report whether a Cloud Sensor is also installed on the endpoint.
    • Change the Carbon Black EDR status on the Computer Details page.

 

After the Cloud Integration is configured and activated, links on File Details, Fine Instance Details and Computer Details pages will be available. Clicking the links will take you to the relevant area of the Carbon Black Cloud Console:

App Control Console Navigation Breadcrumbs Link Name Cloud Console Target Location
Computer Details Page Assets > Computers > relevant Computer Carbon Black Cloud Device Inventory > Endpoints:
Search for relevant machine name
Computer Details Page Assets > Computers > relevant Computer Carbon Black Cloud Events Investigate:
Search for events matching machine name
File Details Page Assets > Files > Relevant file > View Details (pencil icon) Carbon Black Cloud Events Investigate:
Search events matching file hash
Process Name Column Reports > Events > Column: Process Name Cloud icon next to Process Investigate:
Search events matching process hash

Additional Information

  • More information available in the User Guide section: Enabling Carbon Black Cloud Integration
  • The Carbon Black Cloud Enterprise EDR choice determines the number and type of URL fields displayed.
Powered by Wolken Software