Integrations

Carbon Black

Carbon Black Integration

With Perch’s integration to Carbon Black you can store, search, and visualize all the threats detected by Carbon Black within Perch. Perch security analysts triage threats detected by Carbon Black alongside all your data in Perch.

  1. Generate a Carbon Black API key for Perch to collect logs
  2. Click here to go to the Carbon Black Settings page in Perch
  3. Fill in the required fields and test

Generate Carbon Black API Key

In order for Perch to access your Carbon Black logs, you must provide Perch with your Carbon Black API token information.

  • Login to the Carbon Black Management Console

  • Navigate to Settings > API Access

  • Click on the orange button > Add API Key

  • Create a name and set the API access level to API

    ![](/images/Screenshot_2 revised.png)

  • A new window will appear with the API ID and API Secret Key

Set up the integration in Perch

  • Login to the Perch app
  • Navigate to the Settings page
  • Then navigate to the Integration section of the Settings page
  • Scroll until you see the Carbon Black integration
  • Click Install
  • Then click the right-facing chevron to enter the configuration page for the Carbon Black integration
  • In the Perch Carbon Black authentication panel, paste your API secret token, API ID, and environment

TIP:

The environment variable can be found in the hostname of your Carbon Black service. There are two Carbon Black Cloud hostnames:

  1. https://defense-.conferdeploy.net/
  2. https://api-.conferdeploy.net/

Note:

Note: For example, the environment variable for https://api-prod05.conferdeploy.net is prod05

Enable log ingestion

Like all Perch integrations, you can enable or disable Carbon Black log ingestion at any time by toggling the switch from OFF ( gray ) to ON ( purple ), or vice versa.

Once you enable the log ingestion, you will receive a success message which you can then toggle to see the health status of your integration.