CarbonBlack Authentication Guide

How to authenticate Carbon Black for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a week ago

VMware Carbon Black is a cloud-native endpoint protection solution that consolidates multiple endpoint security capabilities using one agent and console. Carbon Black helps minimize downtime by responding to incidents and returning critical CPU cycles back to the business, making it an invaluable tool for keeping the world safe from cyberattacks. Here's our guide on how to authenticate Carbon Black for use with Tines.

First, get your Carbon Black API Key

  1. Login to your Carbon Black account. New users can sign up for a Carbon Black account.

  2. From the sidebar, click "Settings" and then "API Access"

  3. From the top right-hand corner of the screen, click "Add API Key"

  4. Enter the required details and click "Save"

  5. Copy both the "API ID" and "API Secret Key"

Lastly, Create a Carbon Black credential in Tines

Two credentials need to be created. One for the "Carbon Black API ID" and one for the "Carbon Black API Secret Key"

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Credential"

  3. Click "+ New Credential" and select "Text"

  4. Input the values for the Carbon Black credential

    1. Name: Required

    2. Description: Optional

    3. Value: API Key

  5. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

For more on creating credentials in Tines, click here.

You can find a selection of Carbon Black stories in the story library

Using the credential in an action

The Header configuration for Carbon Black should be constructed like the below:

CREDENTIAL.carbon_black_api_secret_key/CREDENTIAL.carbon_black_api_id

An example action you can copy and paste onto your storyboard:

{"standardLibVersion":"28","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Get Alerts from Carbon Black","description":null,"options":"{\"url\":\"https://defense.conferdeploy.net/appservices/v6/orgs/{ORG-KEY}/alerts/{ALERT-ID}\",\"method\":\"get\",\"content_type\":\"json\",\"payload\":{\"cb.fq.status\":\"unresolved\",\"cb.urlver\":0,\"facet\":true,\"rows\":\"10\",\"sort\":\"created_time desc\",\"start\":\"0\"},\"headers\":{\"X-Auth-Token\":\"<<CREDENTIAL.carbon_black_api_secret_key>>/<<CREDENTIAL.carbon_black_api_id>>\"}}","position":{"x":585,"y":-930},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":null,"createdFromTemplateGuid":null,"createdFromTemplateVersion":null}],"links":[],"diagramNotes":[]}
Did this answer your question?