VMware Carbon Black Protection Operation
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
| Current Integration Version | 1.0.0 |
| Compatible with ThreatQ Versions | >= 4.33.0 |
| Support Tier | ThreatQ Supported |
Introduction
The Carbon Black Protection operation is used to apply policy rules to MD5, SHA-1 and SHA-256 hashes in CB Protection. The rules it can apply are ban, approve, or unapprove. When executed the operation sends the selected hash from ThreatQ to CB Protection and applies the rule a Threat Analyst has selected.
Installation
This integration can be installed in the My Integration section of your ThreatQ instance. See the Adding an Integration topic for more details.
Configuration
ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.
To configure the integration:
- Navigate to your integrations management page in ThreatQ.
- Select the Operation option from the Type dropdown (optional).
- Click on the integration entry to open its details page.
- Enter the following parameters under the Configuration tab:
Parameter Description Hostname Hostname or IP address of the Carbon Black Protection instance. Port Port for communicating with the Carbon Black Protection API. API Key API key for authenticating with Carbon Black Protection. Verify SSL Check this box to verify SSL when connecting to Carbon Black Protection. - Review any additional settings, make any changes if needed, and click on Save.
- Click on the toggle switch, located above the Additional Information section, to enable it.
Change Log
- Version 1.0.0
- Initial release
PDF Guides
| Document | ThreatQ Version |
|---|---|
| VMware Carbon Black Protection Operation Guide v1.0.0 | 4.33.0 or Greater |