Integrate with VMware Carbon Black

With VMware Carbon Black integration you can monitor endpoint activity data and block potential threats.

With this integration, you can use Device Posture t to calculate the Carbon Black client status running on the user’s device. The Carbon Black client status can be reported as healthy if the Carbon Black client running on the device is communicating regularly with the Carbon Black server, or unhealthy if the client is inactive. Additionally, Device Posture can verify if the user’s device is assigned to a specific Carbon Black policy. Both of those signals are included in the Device Posture security posture evaluation.

The following is the list of Carbon Black data that you can monitor in the Integration tab of the Device Details report:

Carbon Black Signal Description
Policy Name The name of the policy assigned to the device.
Status The status sent by the VMware Carbon Black server.
Version The current version of the VMware Carbon Black software installed on the device.
Last Contact The date and time of the last contact with the VMware Carbon Black server in your local time zone.
Note: Device Posture uses the value of the Last Contact signal to calculate the status of the Carbon Black client.


Prerequisites

  • End user devices must install and run the VMware Carbon Black agent. Only the Cb Defense product is supported.
  • Authentication to the VMware Carbon Black API requires an API Secret Key and the API ID. You can generate the API Secret Key and API ID from the VMware Carbon Black Defense console.
  • VMware Carbon Black rules are only supported for desktop (Windows and macOS) devices.
To integrate with VMware Carbon Black, you need to follow these steps:
  1. Configure VMWare Carbon Black cloud with a Custom Access Level.
  2. Configure Akamai Control Center for VMware Carbon Black integration.

Configure VMware Carbon Black cloud with a Custom Access Level

Complete this procedure to obtain your Carbon Black API ID and API Secret Key.

  1. Log in to the Carbon Black Dashboard. You can find your Dashboard URL at the VMware Carbon Black community page.
  2. Go to Settings > API Access, and click Access Levels.
  3. Click Add Access Level.
  4. On the Add Access Level page:
    1. Enter Access Level name and description
    2. Scroll down the Access Level table and set Read permission type as General information for a Device category.


  5. Click Save.
  6. Go to Settings > API Access, and click API Keys.
  7. Click Add API Key.
  8. In the Add API Key dialog:
    1. Enter a unique API Key name.
    2. In the Access Level type, select Custom.
    3. In the Custom Access Level, select the Access Level that you previously created.


  9. Click Save.
  10. The API Credentials dialog that appears contains your API ID and API Secret Key. Copy this data and use it in the following step to Configure Akamai Control Center for VMware Carbon Black integration. See Carbon Black documentation to learn more.


Configure Akamai Control Center for VMware Carbon Black integration

Complete this procedure in Akamai Control Center to integrate with VMware Carbon Black API ID and API Secret Key that you obtained in the previous step of configuration.

How to

  1. In the EAA Management Portal, select System > Device Posture.
    The Device Posture page appears.
  2. On the Device Posture page, click the Integrations tab and complete the following fields:
    Field Description
    Enabled Select Enabled to use VMware Carbon Black signals in tiers and tags.
    Note: If this field is not selected, VMware Carbon Black criteria do not display on the UI pages where you define tiers and tags or generate reports.
    API Hostname Select the URL for the API Hostname.

    Your Portal Hostname is based on your region, when you configured your VMware Carbon Black account. For example, if you selected Prod01 (N Am) as your region, enter https://dashboard.confer.net.

    It's the same as the API URL shown in the VMware Carbon Black community page sans the forward slash at the end.

    API Secret Key and API ID Enter your API ID and API Secret Key used to access the API.

    To get values of those credentials, go to Settings > API Access > API Keys in the VMware Carbon Black Cloud console.

    ORG Key Enter the ORG Key that can be found in the VMware Carbon Black console under Settings > API Access > API Keys in the VMware Carbon Black Cloud console.


  3. Click Test Credentials to ensure the values are correct.
  4. Click Save to save the information.

Next steps

After completing these steps, use the following criteria when defining tiers/tags and when generating reports:
  • Use VMware Carbon Black Policy <policy name> and VMware Carbon Black Status Healthy to define tiers and tags, and to generate inventory reports. See Configure tiers and tags and Create an inventory report for further details.
  • View the Integration section of the Device Details report to check the Carbon Black information.