JupiterOne provides a managed integration for Carbon Black Cloud Platform (formerly the Predictive Security Cloud, or PSC). The integration connects directly to Carbon Black APIs to obtain details about device sensors/agents and active alerts. Customers authorize access by creating a Connector and an API Key in their target PSC account and providing that credential to JupiterOne.
You must set up an Access Level and API Key in the Carbon Black Cloud Console to allow access to the Devices and Alerts APIs.
- Settings > API Access > Access Levels: Add Access Level: Name "JupiterOne
Read Only" (or match your naming patterns), permissions
- Settings > API Access > API Keys: Add API Key: Name "JupiterOne" (or match your naming patterns), Access Level Type "Custom", "JupiterOne Read Only". Capture the API Secret Key and API ID.
With the Access Level and API Key now configured, you'll need to provide these parameters to the integration instance configuration:
- Site/Environment (
site): The part immediately following
defense-in your Carbon Black Cloud account URL. For example, if you access your account at
- Org Key (
orgKey): From Settings > API Access, capture the Org Key.
- API ID (
connectorId): Captured during API Key creation.
- API Key (
apiKey): Captured during API Key creation.
The following entity resources are ingested when the integration runs:
|Example Entity Resource||_type : _class of the Entity|
|Device Sensor Agent||
The following relationships are created/mapped: