Carbon Black Cloud

Overview

Configuring a cloud source in Scope is a two-step process.

  • Generating Carbon Black Cloud API credentials in the Carbon Black Cloud Console. Please refer to Section 1 – Carbon Black Cloud Setup

  • Setting up the Carbon Black Cloud cloud source in the Scope application. Please refer to Section 2 – Scope Setup

Carbon Black Cloud Setup

To get started, you’ll need to generate the following credentials in the Carbon Black Cloud Console –

  1. Organization Key
  2. API ID
  3. API Secret Key
  4. Base URL

Step 1: Get the Organization Key

  • In the Carbon Black Cloud Console, navigate to Settings -> General.

  • Copy the Organization Key “Org Key” displayed on the page.

Step 2: Create an Access Level

To use the Carbon Black Cloud API, an appropriate access level must first be created.

  • In the left navigation pane, click Settings -> API Access.

  • Click the Access Levels tab and click Add Access Level.

  • Enter a Name and Description for the access level.

  • Select the required permission functions to include in the access level.

  • Click Save.

The newly created access level will appear in the Access Levels tab.

Step 3: Generate an API Key and API Secret

  • In the left navigation pane, click Settings -> API Access.

  • Click Add API Key.

  • Enter a unique Name and Description.

  • Select the appropriate Access Level Type (default: Custom).

  • Set the Custom Access Level created in Step 2.

  • (Optional) Add authorized IP addresses to restrict API key usage to specific IP addresses.

  • Click Save.

  • A pop-up window displays the new API credentials:

    Note: The API credentials will not reappear and are not retrievable after the pop-up has been dismissed.

Step 4: Obtain the Base URL

  • When you log into your Carbon Black Cloud instance, note the root URL from the address bar (such as https://defense-prod01.superdeploy.net). This value will be required as the Base URL.

The Organization Key, API ID, API Secret Key, and Base URL are to be configured in Scope Setup: Step 1 for initiating the Carbon Black Cloud log ingestion.

Scope Setup

Step 1: Carbon Black Cloud Source Registration in the Scope Application

Once the credentials are generated, they must be configured in the Scope application to establish the connection and enable data ingestion from the Carbon Black Cloud environment.

In the Scope application, to register a Carbon Black Cloud source, navigate to the cloud source registration page –

  • Log into the Scope application

  • Select the required organization

  • Navigate to the Side menu -> Administration

  • Navigate to the Cloud sources tab

  • Click on the +Add Source button

  • In the Add Source pop-up, provide the parameters below.

    • Source: Select the Carbon Black Cloud source from the Source dropdown.

    • Site: The user defined name for the Carbon Black Cloud source.

    • Base URL: Select the appropriate Base URL from the dropdown obtained from Step 4.

    • Organization Key: The Organization Key obtained in Step 1.

    • API ID: The API ID generated in Step 3.

    • API Secret Key: The API Secret Key generated in Step 3.

    • Polling Interval: The polling interval for making periodic API calls to Carbon Black Cloud. The user can select the time interval from the dropdown.

    • Contact Email: The email address of the person who registers the Carbon Black Cloud source in Scope.

Once the required connection parameters are entered, the Carbon Black Cloud source registration is complete in Scope and is ready for ingestion of Carbon Black Cloud logs.