Activate and configure the Carbon Black integration

The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including the Carbon Black integration.

Before you begin

Role required: admin
Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method.

Procedure

  1. Access Carbon Black and obtain the API Token under your profile.
  2. Navigate to Security Operations > Integrations > Integration Configurations.
    The available security integrations appear as a series of cards.
    Carbon Black integration card
  3. In the Carbon Black card, click Install Plugin.
  4. In the Install Carbon Black integration dialog box, review the plugin details and click Activate.
  5. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  6. Click Configure.
  7. Enter the Endpoint Base you acquired from the Carbon Black site.
  8. Enter the API Token you acquired from the Carbon Black site.
  9. Check the Use Mid Server box, if it is not already checked.
  10. [Optional] Check the Enable Isolate Host box to allow selected configuration items to be isolated from the Configuration Items related list tab in a security incident.
  11. Click Submit.
    You are returned to Security Integrations screen. You are ready to use the Carbon Black integration.