Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we'll get it updated.
This guide describes the steps required to configure VMWare Carbon Black Cloud Enterprise EDR to send logs to the Samurai XDR.
VMWare Carbon Black Cloud Enterprise EDR logs and data are collected via REST API and Streaming API.
To complete this Integration you will need to:
1) Within the VMware Carbon Black Cloud web interface
- Determine environment
- Determine Org key for API Access
- API Access
2) From the Samurai XDR application:
- Complete the Carbon Black Cloud Enterprise EDR Integration
VMware Carbon Black Cloud
Determine Environment
The URL for API access appears in the address bar in a browser as follows:
https://defense-"Envionment-hostname".conferdeploy.net
Take note of this URL as it will be required when completing the Integration within the Samurai XDR application.
Determine Org Key for API Access
To determine your Org Key for API Access:
- Login to your Carbon Black Cloud instance
- Select Settings > API Access
- The ORG KEY is shown on the screen.
Take note of this Org Key as it will be required when completing the Integration within the Samurai XDR application.
API Access
Use these steps to configure a custom API access level:
- Log in to your Carbon Black Cloud Instance with an account that has the Super Admin role.
- Click Settings > API Access
- Go to the Access Level tab
- Click Add Access Level
- In the Name field, enter Samurai-Access
- Enter a description
- Select the following permissions
- org.alerts Read
- device Read
- org.search.events Read
- device.quarantine Execute (Optional, for Remote Isolation)
- Click Save
Use these steps to enable API configuration to allow Samurai XDR to gather telemetry:
- Click Settings > API Access
- Click + Add API Key
- Add a new API key with the following information:
- In the Name field, enter Samurai-XDR
- From the Access Level type list, select Custom
- From Custom Access Level list, select Samurai-Access
- Click Save
- The API credentials are displayed
- Use the copy button to copy the Samurai-XDR API ID and API Secret Key. Paste the information to a file clearly indicating name, API ID, and API secret key.
You will need the API ID and API Secret key when completing the integration within the Samurai XDR application.
Configure the Samurai XDR Application
Complete the VMware Carbon Black Cloud Enterprise EDR Integration
- Login to your Samurai XDR tenant
- Select Telemetry > Integrations
- Select Create
- Locate and click Carbon Black Enterprise EDR
- Click Next (we leverage a Samurai XDR Cloud Collector)
- Enter a Name of Integration
- Enter a Description (Optional)
- Enter your Devicename
- Enter your Environment-hostname
- Enter your Organization Key
- Enter your API ID
- Enter your API Secret
- Click Finish