Integrate with VMware Carbon Black
With VMware Carbon Black integration you can monitor endpoint activity data and block potential threats.
With this integration, you can use Device Posture t to calculate the Carbon Black client status running on the user’s device. The Carbon Black client status can be reported as healthy if the Carbon Black client running on the device is communicating regularly with the Carbon Black server, or unhealthy if the client is inactive. Additionally, Device Posture can verify if the user’s device is assigned to a specific Carbon Black policy. Both of those signals are included in the Device Posture security posture evaluation.
The following is the list of Carbon Black data that you can monitor in the Integration tab of the Device Details report:
|Carbon Black Signal||Description|
|Policy Name||The name of the policy assigned to the device.|
|Status||The status sent by the VMware Carbon Black server.|
|Version||The current version of the VMware Carbon Black software installed on the device.|
|Last Contact||The date and time of the last contact with the VMware
Carbon Black server in your local time zone.
Note: Device Posture uses the value of the Last Contact signal to calculate the status of the Carbon Black client.
- End user devices must install and run the VMware Carbon Black agent. Only the Cb Defense product is supported.
- Authentication to the VMware Carbon Black API requires an API Secret Key and the API ID. You can generate the API Secret Key and API ID from the VMware Carbon Black Defense console.
- VMware Carbon Black rules are only supported for desktop (Windows and macOS) devices.
- Configure VMWare Carbon Black cloud with a Custom Access Level.
- Configure Akamai Control Center for VMware Carbon Black integration.
Configure VMware Carbon Black cloud with a Custom Access Level
- Log in to the Carbon Black Dashboard. You can find your Dashboard URL at the VMware Carbon Black community page.
- Go to Access Levels. , and click
- Click Add Access Level.
On the Add Access Level
- Enter Access Level name and description
Scroll down the Access
Level table and set Read
permission type as General
information for a Device
- Click Save.
- Go to API Keys. , and click
- Click Add API Key.
In the Add API Key
- Enter a unique API Key name.
- In the Access Level type, select Custom.
In the Custom Access
Level, select the Access Level that you previously
- Click Save.
The API Credentials
dialog that appears contains your API ID and API Secret Key. Copy this data and
use it in the following step to Configure Akamai Control Center for VMware Carbon Black integration. See Carbon Black documentation to learn more.
Configure Akamai Control Center for VMware Carbon Black integration
In the EAA
Management Portal, select .
The Device Posture page appears.
On the Device Posture
page, click the Integrations tab and complete the following fields:
Field Description Enabled Select Enabled to use VMware Carbon Black signals in tiers and tags.Note: If this field is not selected, VMware Carbon Black criteria do not display on the UI pages where you define tiers and tags or generate reports. API Hostname Select the URL for the API Hostname.
Your Portal Hostname is based on your region, when you configured your VMware Carbon Black account. For example, if you selected Prod01 (N Am) as your region, enter https://dashboard.confer.net.
It's the same as the API URL shown in the VMware Carbon Black community page sans the forward slash at the end.
API Secret Key and API ID Enter your API ID and API Secret Key used to access the API.
To get values of those credentials, go toin the VMware Carbon Black Cloud console.
ORG Key Enter the ORG Key that can be found in the VMware Carbon Black console under in the VMware Carbon Black Cloud console.
- Click Test Credentials to ensure the values are correct.
- Click Save to save the information.
- Use VMware Carbon Black Policy <policy name> and VMware Carbon Black Status Healthy to define tiers and tags, and to generate inventory reports. See Configure tiers and tags and Create an inventory report for further details.
- View the Integration section of the Device Details report to check the Carbon Black information.