This article explains how to connect VMware Carbon Black Cloud to Workbench.
In this article
Step 1: Enable console access
This procedure creates a user account for Expel that keeps the Expel activity separate from other activity on the VMware Carbon Black Cloud console.
-
Navigate to the gear icon on the left side and click Users. Then click Add User on the top right of the screen.
-
For First name, type Expel.
-
For Last name, type SOC.
-
For Email, type soc+<Your_Organization_Name>@expel.io.
Note
Yes, the "+" sign is part of the email address, and it's important. Click here to find out why. -
For Role select Level 2 Analyst.
-
Step 2: Generate API credentials
Generate an API key with view all permissions
-
In the VMware Carbon Black Cloud console, navigate to Settings > Roles.
-
Navigate to Settings > API Keys.
-
Create a new API key by selecting Add API Key in the upper right corner.
-
Type a name for the new key. We suggest Expel SOC.
-
From the Access Level list, select Custom.
-
From the Custom Access Level list, select either the View All role or the role you created above.
-
Complete the rest of the information and click Save to create the new key.
-
Make a record of the API ID and API Secret Key for later.
Step 3: Configure the technology in Workbench
-
In a new browser tab, log in to https://workbench.expel.io/settings/security-devices?setupIntegration=carbon_black_threat_hunter.
-
Type these details:
-
For Name, type the host name of the device.
-
For Location, type the geographic location of the appliance.
-
For Server Address, type the VMware Carbon Black Cloud server address, usually https://defense-prod05. conferdeploy.net/
-
For Org ID, type your CB Organization ID.
-
For Org Key, type the Org Key.
-
For API ID, type the API ID created in Step 2.
-
For API Key, type the API Secret Key created in Step 2.
-
-
You can provide console access now or set it up later. Use the instructions below to set it up later.
CB Cloud, CB Defense