Introduction
This article describes the Field Effect MDR integration with Carbon Black. This article covers the following:
Integration Details
If your organization uses Carbon Black, this integration allows Field Effect MDR monitoring access to your environment, enriching its monitoring fidelity. AROs will be generated, as appropriate, based on high severity alerts. If you would like Field Effect MDR to monitor other alert severities, reach out to support@fieldeffect.com.
To learn more about Carbon Black, visit their support documentation.
Requirements
To complete this integration, you will need administrator access to both your Carbon Black environment and the Field Effect MDR Portal.
Setting up the Integration
To complete this integration, you will need to perform the following procedures:
- Prepare Carbon Black for the Integration
- Create a Field Effect Access Level in Carbon Black.
- Create a Field Effect API Key in Carbon Black.
- Complete the integration in the MDR Portal.
Prepare Carbon Black for the Integration
Create a Field Effect Access Level in Carbon Black
Log into your Carbon Black console and navigate to the Access Level tab (Settings > API Access > Access Levels tab). From the Access Levels tab, click + Add Access Level in the upper right.
Name the access level “Field Effect Access Level” and give it a description. Set the “org.alerts” permission to READ and click Save.
Create a Field Effect API Key in Carbon Black
Log into your Carbon Black console and navigate to the API Keys tab (Settings > API Access > API Keys tab). From the API Keys tab, click + Add API Key. From the API Keys tab, click + Add API Key in the upper right.
The Add API Key window will open. Name the API Key Field Effect API Key, set the Access Level type to “Custom”, and select the “Field Effect Access Level” created in the previous step as the Custom access level. When satisfied, click Save.
You will be given the credentials for the new API key. Copy or save these credentials as they will be required in the next step, enrolling Carbon Black in the Field Effect MDR Portal.
Complete the integration in the MDR Portal
Note for Partners: This procedure is performed on a per-client basis. Ensure that the Organization Selector is set to the appropriate client before continuing.
After you have prepared Carbon Black for the integration (above), navigate to the MDR Portal's Administration > Integrations page. From the Cybersecurity tab, click Add for Carbon Black.
The integration wizard will open. Provide the Domain and Org Key for your Carbon Black account and click Next.
Step 2 describes what is required in Carbon Black (Preparing Carbon Black fot the Integration) before you can continue. After completing these procedures within Carbon Black, click NEXT.
Provide the API Key credentials you copied from the Field Effect API Key and click Next.
The final page of the form allows you to review the info you provided. Once satisfied, click Submit.
You'll be taken back to the integrations page, and the integration card will show that the integration is connected and promoted to the top, alongside any other connected integrations.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article