CarbonBlack Defense

1.0.0

About the connector

CarbonBlack Defense is an industry-leading, cloud-delivered endpoint security solution that combines next-generation antivirus (NGAV) and endpoint detection and response (EDR) capabilities into a lightweight solution that is fast to deploy and easy to manage.

This document provides information about the CarbonBlack Defense connector, which facilitates automated interactions with CarbonBlack Defense using FortiSOAR™ playbooks. Add the CarbonBlack Defense connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the status of all devices from CarbonBlack Defense and changing the status of an individual device, by its device ID, on CarbonBlack Defense.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-carbonblack-defense

For the detailed procedure to install a connector, click here.

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks. From FortiSOAR™ release 4.10.0 onwards, you can also use the annotations to access these operations:

Get Devices Status: Retrieves the status of all devices from CarbonBlack Defense. Annotation: search_device. Category: Investigation.

Get Device Status: Retrieves the status and details for a device that you have specified by its device ID from CarbonBlack Defense. Annotation: search_device. Category: Investigation.

Change Device Status: Changes the status for a device that you have specified by its device ID on CarbonBlack Defense. Annotation: update_device. Category: Miscellaneous.

Find Events: Retrieves all events that match the input search criteria that you have specified from CarbonBlack Defense. Annotation: search_event. Category: Investigation.

Find Event By ID: Retrieves the details for an event that you have specified by its event ID from CarbonBlack Defense. Annotation: search_event. Category: Investigation.

Find Processes: Retrieves information for all processes that match the input search criteria that you have specified from CarbonBlack Defense. Annotation: search_process. Category: Investigation.

Get Alert Details: Retrieves details and all metadata, including a list of all the events associated with the alert, for an alert that you have specified by its alert ID from CarbonBlack Defense. Annotation: get_alert. Category: Investigation.

Get Notifications: Retrieves information about new notifications since the last check-in from CarbonBlack Defense. Annotation: get_notification. Category: Investigation.

Create Policy: Creates a new policy in CarbonBlack Defense. Annotation: create_policy. Category: Miscellaneous.

Get All Policies: Retrieves a list of all policies available in the organization from CarbonBlack Defense. Annotation: search_policy. Category: Investigation.

Get Policy By ID: Retrieves the details of a policy that you have specified by its policy ID from CarbonBlack Defense. Annotation: search_policy. Category: Investigation.

Update Policy: Updates an existing policy with a new policy on CarbonBlack Defense. Annotation: update_policy. Category: Investigation.

Delete Policy: Deletes an existing policy from CarbonBlack Defense. Annotation: delete_policy. Category: Miscellaneous.

Add Rule To Policy: Adds a new rule to an existing policy on CarbonBlack Defense. Annotation: update_policy. Category: Investigation.

Update Rule To Policy: Updates an existing rule with a new rule in an existing policy on CarbonBlack Defense. Annotation: update_policy. Category: Investigation.

Delete Rule From Policy: Deletes an existing rule from an existing policy on CarbonBlack Defense. Annotation: update_policy. Category: Investigation.

Included playbooks

The Sample - CarbonBlack Defense - 1.0.0 playbook collection comes bundled with the CarbonBlack Defense connector. This collection contains playbooks whose steps perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the CarbonBlack Defense connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.