Carbon Black Enterprise Protection v2

This integration uses Carbon Black Enterprise Protection’s searchable file catalog and application control capabilities, such as finding and blocking files by their hash.

To set up the integration on Demisto:

  1. Go to ‘Settings > Integrations > Servers & Services’
  2. Locate the Carbon Black Enterprise Protection integration by searching for ‘Carbon Black Enterprise Protection’ using the search box on the top of the page.
  3. Click ‘Add instance’ to create and configure a new integration. You should configure the following Carbon Black Enterprise Protection and Demisto-specific settings:
    Name : A textual name for the integration instance.

Server URL : The hostname or IP address of the Carbon Black Enterprise Protection application. Make sure the URL is reachable with respect to IP address and port.

API Token: The API Token provided for Carbon Black Enterprise Protection.

Incident type: Choose the type of incident for Demisto handling from the drop-down list.

Do not validate server certificate : Select to avoid server certification validation. You may want to do this in case Demisto cannot validate the integration server certificate (due to missing CA certificate)

Use system proxy settings : Select whether to communicate via the system proxy server or not.

Demisto engine: If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.

For more information on Demisto engines see:
https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines

Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

  1. Press the ‘Test’ button to validate connection.
    If you are experiencing issues with the service configuration, please contact Demisto support at support@demisto.com
  2. After completing the test successfully, press the ‘Done’ button.

Commands:

cbp-approvalRequest-search - Search for approval requests. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#approvalrequest
cbp-computer-get - Returns computer. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#computer
cbp-computer-search - Search for computers. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#computer
cbp-computer-update - Updates computer object. Note that some computer properties can be changed only if the specific boolean param is set, as noted below. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#computer
cbp-connector-get - Returns object instance of this class
cbp-connector-search - Returns objects that match given criteria
cbp-event-search - Search for events. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#event
cbp-fileAnalysis-createOrUpdate - Creates or updates file analysis request
cbp-fileAnalysis-get - Returns object instance of this class
cbp-fileAnalysis-search - Returns objects that match given criteria
cbp-fileCatalog-search - Search for file catalogs. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#filecatalog
cbp-fileInstance-search - Search for file instances. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#fileinstance
cbp-fileRule-delete - Deletes the file rule. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#filerule
cbp-fileRule-get - Gets the file rule. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#filerule
cbp-fileRule-search - Search for file rules. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#filerule
cbp-fileRule-update - Creates or updates file rule. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#filerule
cbp-fileUpload-download - Returns object instance of this class
cbp-fileUpload-get - Returns object instance of this class
cbp-fileUpload-search - Returns objects that match given criteria
cbp-notification-search - Search for notifications. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#notification
cbp-policy-search - Search for policies. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#policy
cbp-publisher-search - Search for publishers. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#publisher
cbp-serverConfig-search - Search in server configurations. See more: https://developer.carbonblack.com/reference/enterprise-protection/7.2/rest-api/#serverconfig