In this article:
Take the following integration steps to provide ISS Internal Security with necessary information to communicate with your CarbonBlack endpoint security device.
When integrated, Internal Security extracts the following information from CarbonBlack:
- List of unknown apps
- All recommendations
- Threat alerts
- Device list
Prepare for your integration
Before configuring the integration do the following:
- Install Internal Security from Integrate360°: Marketplace. See ISS Internal Security module for guidance.
- Make sure you have Super Admin permissions in CarbonBlack or access to someone who does.
The Internal Security integration requires the following configuration values:
| Setting | Description |
| API key | A token provides permission to perform the GET request |
| Organization key |
An identifier that the product assigns to your organization |
| Base product URL |
The URL for the deployed product. |
Note: Contact your internal Support or Engineering team if you are unable to provide the information required for this integration.
Step 1: Generate an API key
Create a key that will provide Internal Security with read-only access to CarbonBlack data:
- Log into CarbonBlack.
- Select API Access under Settings in the left pane.
- In API Access, select the API Keys tab.
- Click Add API Key.
- Enter a name for the key and select the API access level. Then click Save.
- Copy the following information, which you will need in the next step.
-
- The newly generated key that appears in the API Access table
- The Organization Key, which appears above the table
- The base product URL which appears in your browser when you log into CarbonBlack
Step 2: Find your base product URL
See CarbonBlack's documentation for guidance on finding the URL. You will need it in the next step.
Step 3: Add a CarbonBlack integration in Internal Security
Provide Internal Security with the required information for communicating with CarbonBlack:
- In your Scorecard header, select the Internal Security tab. Then, select Internal Security again.
- On the Internal Security page Add integrations.
- On the Set up integrations page, click Add integration.
- Select CarbonBlack from the drop-down list.
- Enter the required information from the preceding step and then click Save Configuration:
- The API key
- The organization key
- The base product URL for the API
Note: Make sure to precede the URL with http:// or https://, depending on which protocol applies. Also, It is only necessary to specify the port number for the base product URL if it is not 80 or 443.
Your new integration appears in a table on the Internal Security page. Start viewing your Internal Security score and findings within 24 hours.
Note: Internal Security starts to provide data within 24 hours for each new integration as it syncs with SecurityScorecard's scanning and scoring cycles.
Additional documentation and resources
-
Installed library: carbon-black-cloud-sdk