Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.
Product | Samurai [Local] Collector | Samurai [Cloud] Collector
VMware Carbon Black Cloud Enterprise EDR | |
VMware Carbon Black Cloud Enterprise EDR logs and data are collected via REST API and Streaming API.
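To complete this Integration you will need to:
1) Within the VMware Carbon Black Cloud web interface:
- Determine Environment
- Determine Org Key for API Access
- Configure API Access
2) From the Samurai application:
- Complete the VMware Carbon Black Cloud Enterprise EDR Integration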
Determine Environment
The URL for API access appears in the address bar in a browser as follows:
https://defense-<Cloud Instance ID>.conferdeploy.net
Take note of this URL as it will be required when completing the Integration within the Samurai MDR application.
Determine Org Key for API Access
To determine your Org Key for API Access:
- Log in to your Carbon Black Cloud instance
- Select Settings > API Access
- The ORG KEY is shown on the screen.
Take note of this Org Key as it will be required when completing the Integration within the Samurai MDR application.
API Access
Use these steps to configure a custom API access level:
- Log in to your Carbon Black Cloud Instance with an account that has the Super Admin role.
- Click Settings > API Access
- Go to the Access Level tab
- Click Add Access Level
- In the Name field, enter Samurai-Access
- Enter a description
- Select the following permissions:
  - org.alerts Read
  - device Read
  - org.search.events Read
  - device.quarantine Execute (Optional, for Remote Isolation)
- Click Save
Use these steps to enable API configuration to allow Samurai to gather telemetry:
- Click Settings > API Access
- Click + Add API Key
- Add a new API key with the following information:
  - In the Name field, enter Samurai-MDR
  - From the Access Level type list, select Custom
  - From the Custom Access Level list, select Samurai-Access
- Click Save
- The API credentials are displayed
- Use the copy button to copy the Samurai-MDR API ID and API Secret Key. Paste the information to a file clearly indicating name, API ID, and API secret key.
If you did not manage to copy the information, click the down arrow on the corresponding Samurai-MDR row and select API Credentials.
You will need the API ID and API Secret key when completing the integration within the Samurai MDR application.
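A pre-flight check for the values gathered above, as an added example that is not part of the Samurai or Carbon Black tooling: it validates that the Environment URL has the form shown in Determine Environment, and compares the permissions granted to Samurai-Access with the list in this guide so that missing or excess grants are visible before the API key is handed over. The function names and sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Permissions listed in this guide for the Samurai-Access level.
REQUIRED = {("org.alerts", "READ"), ("device", "READ"), ("org.search.events", "READ")}
OPTIONAL = {("device.quarantine", "EXECUTE")}  # only needed for Remote Isolation


def check_environment(url):
    """Return a list of problems with the Environment URL (empty list = OK)."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Assumption: the tenant uses the host form shown in this guide.
    if not host.endswith(".conferdeploy.net"):
        problems.append("host does not match the conferdeploy.net form in this guide")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("use the base URL only, without path or query")
    return problems


def audit_access_level(granted):
    """Compare granted (permission, operation) pairs with the guide's list."""
    granted = {(name, op.upper()) for name, op in granted}
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED - OPTIONAL),
        "isolation_enabled": OPTIONAL <= granted,
    }


if __name__ == "__main__":
    # Constructed sample values, not real tenant data.
    print(check_environment("http://defense-example.conferdeploy.net/settings"))
    print(audit_access_level([
        ("org.alerts", "Read"), ("device", "Read"),
        ("device.quarantine", "Execute"), ("org.alerts", "Delete"),
    ]))
```

An empty `missing` and `excess` result means the access level matches the guide exactly; anything in `excess` is a grant the integration does not need.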
Complete the VMware Carbon Black Cloud Enterprise EDR Integration
You will need:
- Devicename: (arbitrary name)
- Environment: (the URL from Determine Environment, e.g. https://defense-<ENV>.conferdeploy.net)
- Organization Key: (from Determine Org Key for API Access)
- API ID: (from API Access)
- API Secret: (from API Access)
- Log in to the Samurai MDR web application
- Select Integrations
- Select Create
- Locate and click Carbon Black Enterprise EDR
- Click Next (we leverage a Samurai Cloud Collector)
- Enter a Name of Integration
- Enter a Description (Optional)
- Enter your Devicename
- Enter your Environment
- Enter your Organization Key
- Enter your API ID
- Enter your API Secret
- Click Finish
For general information on Integrations refer to the Integrations article.