How to Set Up Carbon Black Endpoint Standard in Rapid7 InsightIDR

Article ID: 290976

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to set up Carbon Black Endpoint Standard in Rapid7 InsightIDR

Environment

  • Carbon Black Cloud Console: Current Version
  • Endpoint Standard: Current Version
  • Rapid7 InsightIDR

Resolution

  1. Log in to the InsightIDR console.
  2. From the left menu, go to Data Collection.
  3. When the “Data Collection” page appears, click the Setup Event Source dropdown and choose Add Event Source.
  4. From the “Virus Scan” section, click the Carbon Black Defense icon. The “Add Event Source” panel appears.
  5. Choose the collector and event source. Name the event source if desired.
  6. If sending additional events beyond alerts, select the unfiltered logs checkbox for Carbon Black Endpoint Standard events. Carbon Black recommends using TCP as the protocol.
  7. Enter the API URL for Carbon Black Cloud: URLs are used to access the APIs 
  8. In the SIEM API Key field, enter the secret key.
  9. Enter the SIEM Connector ID. For more information about the SIEM Connector ID, see Carbon Black Cloud API Access.
  10. Click Save.

Additional Information

Verify the Configuration

  • To verify that the configuration is correct, click Log Search in the left menu and view the raw logs to confirm that events are reaching the Collector. Carbon Black Cloud logs flow into Virus Scan log sets.