CarbonBlack Defense is an industry-leading, cloud-delivered endpoint security solution that combines next-generation antivirus (NGAV) and endpoint detection and response (EDR) capabilities into a lightweight solution that is fast to deploy and easy to manage.
This document provides information about the CarbonBlack Defense connector, which facilitates automated interactions with CarbonBlack Defense using FortiSOAR™ playbooks. Add the CarbonBlack Defense connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the status of all devices from CarbonBlack Defense and changing the status of an individual device, by its device ID, on CarbonBlack Defense.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-carbonblack-defense
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation | Category |
---|---|---|---|
Get Devices Status | Retrieves the status of all devices from CarbonBlack Defense. | search_device | Investigation |
Get Device Status | Retrieves the status and details for a device that you have specified by its device ID from CarbonBlack Defense. | search_device | Investigation |
Change Device Status | Changes the status for a device that you have specified by its device ID on CarbonBlack Defense. | update_device | Miscellaneous |
Find Events | Retrieves all events that match the search criterion that you have specified from CarbonBlack Defense. | search_event | Investigation |
Find Event By ID | Retrieves the details for an event that you have specified by its event ID from CarbonBlack Defense. | search_event | Investigation |
Find Processes | Retrieves information for all processes that match the search criterion that you have specified from CarbonBlack Defense. | search_process | Investigation |
Get Alert Details | Retrieves details and all metadata, including a list of all the events associated with the alert, for an alert that you have specified by its alert ID from CarbonBlack Defense. | get_alert | Investigation |
Get Notifications | Retrieves information about new notifications since the last check-in from CarbonBlack Defense. | get_notification | Investigation |
Create Policy | Creates a new policy in CarbonBlack Defense. | create_policy | Miscellaneous |
Get All Policies | Retrieves a list of all policies available in the organization from CarbonBlack Defense. | search_policy | Investigation |
Get Policy By ID | Retrieves the details of a policy that you have specified by its policy ID from CarbonBlack Defense. | search_policy | Investigation |
Update Policy | Updates an existing policy with a new policy on CarbonBlack Defense. | update_policy | Investigation |
Delete Policy | Deletes an existing policy from CarbonBlack Defense. | delete_policy | Miscellaneous |
Add Rule To Policy | Adds a new rule to an existing policy on CarbonBlack Defense. | update_policy | Investigation |
Update Rule To Policy | Updates an existing rule with a new rule in an existing policy on CarbonBlack Defense. | update_policy | Investigation |
Delete Rule From Policy | Deletes an existing rule from an existing policy on CarbonBlack Defense. | update_policy | Investigation |
The Sample - CarbonBlack Defense - 1.0.0 playbook collection comes bundled with the CarbonBlack Defense connector. This playbook collection contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CarbonBlack Defense connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.