Configuring the BlueApp for VMware Carbon Black Cloud

Role Availability Read-Only Investigator Analyst Manager

To configure the BlueApp for VMware Carbon Black Cloud in USM Anywhere, you first need to configure API key credentials. You also need to provide the hostname and Org Key for your Carbon Black Cloud instance.

Set up Carbon Black Cloud API

Follow the instructions listed in the VMware Carbon Black Cloud documentation to configure your API key credentials. Here are some guidelines on how to configure the API key credentials required for USM Appliance.

Note: Because VMware has announced that they are phasing out all preconfigured key types, creating your API keys with the Custom type may mean your BlueApp for VMware Carbon Black Cloud is more future-proof.

  • LevelBlue does not recommend configuring Super User API keys for use with this app, as that API key type is far more permissive than this app requires.

  • At minimum, your API key must be configured with the Manage Roles and Manage Users permissions from the Organization Settings category, as well as all permissions granted to users.

  • If you are not planning to use a preconfigured API key type, you must configure and save your Custom API key type before creating your new API key.

  • Once you have created your API key, you can view your credentials at any time by opening the Actions dropdown within Carbon Black Cloud settings and selecting API Credentials.

To view your Org Key, navigate to Settings > API Access > API Keys within the VMware Carbon Black Cloud console.

Configure the BlueApp for VMware Carbon Black Cloud in USM Anywhere

To enable the BlueApp for VMware Carbon Black Cloud

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled BlueApp.

    BlueApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the BlueApp API endpoints.

  6. Enter the hostname, Org Key, and API key credentials.

  7. Click Save.
  8. BlueApp Log Collection

    Once the BlueApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.

    To configure log collection for the BlueApp

    1. Go to Settings > Scheduler.
    2. In the Job Scheduler, search for the BlueApp on the sensor to which it was deployed.
    3. In the enabled column, click the icon for the inactive collection job.

      The icon turns green, and collection is enabled.

    4. (Optional.) Click the icon to customize the frequency of the event collection.