Carbon Black provides integration with ThreatExchange by retrieving Indicators of Compromise (IOCs) from specified communities. To support this integration, Carbon Black provides an out-of-band bridge that communicates with the ThreatExchange API.
As root on your Carbon Black or other RPM based 64-bit Linux distribution server:
cd /etc/yum.repos.d
curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
yum install python-cb-threatexchange-connector
Once the software is installed via YUM, copy the
/etc/cb/integrations/threatexchange/connector.conf.example
file to
/etc/cb/integrations/threatexchange/connector.conf
.
Edit this file and place your Carbon Black API key into the
carbonblack_server_token
variable and your Carbon Black server's base URL into the carbonblack_server_url
variable.
Once you have the connector configured for your API access, start the ThreatExchange service:
service cb-threatexchange-connector start
Any errors will be logged into /var/log/cb/integrations/threatexchange/threatexchange.log
.
If you suspect a problem, please first look at the ThreatExchange connector logs found here:
/var/log/cb/integrations/threatexchange/threatexchange.log
(There might be multiple files as the logger "rolls over" when the log file hits a certain size).
Web: https://community.bit9.com/community/developer-relations E-mail: dev-support@bit9.com
When you contact Bit9 Developer Relations Technical Support with an issue, please provide the following:
- Your name, company name, telephone number, and e-mail address
- Product name/version, CB Server version, CB Sensor version
- Hardware configuration of the Carbon Black Server or computer (processor, memory, and RAM)
- For documentation issues, specify the version of the manual you are using.
- Action causing the problem, error message returned, and event log output (as appropriate)
- Problem severity