Skip to main content
Skip table of contents

VMware Carbon Black Endpoint

VMware Carbon Black Endpoint is a next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyber-attacks. VMware Carbon Black Cloud includes a universal agent and a console.  

Creating an API Key in Carbon Black

To create an API key in Carbon Black:

  1. As an administrator, connect to the VMware Carbon Black App Control admin panel. Navigate to Login Accounts.

  2. Click Add User and fill in the details.

  3. In User Roles, select the default group ReadOnly.

  4. Select Show API token and generate. Copy and save the token.

  5. Click Create & Exit.

Configuring the Connector for Carbon Black

To configure Lucidum to ingest data from Carbon Black:

  1. Log in to Lucidum.

  2. In the left pane, click Connector.

  3. In the Connector page, click Add Connector.

  4. Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.

  5. In the Settings page, enter the following:

    • URL (required) – The URL of the VMware Carbon Black API. For example, https://defense-prod05.conferdeploy.net/

    • API Key (required) - An API Key for a user account that has the Read Permissions to fetch assets. The key combines {API Secret}/{API ID}

    • Organization Key (optional) - Organization Key

    • Verify SSL. For future use.

  6. To test the configuration, click Test.

    • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

    • If the connector is not configured correctly, Lucidum displays an error message.

API Documentation

https://developer.carbonblack.com/reference/carbon-black-cloud/platform-apis/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.