Skip to main content

VMware Carbon Black App Control v2

This Integration is part of the Carbon Black Enterprise Protection Pack.#

This integration uses VMware Carbon Black App Control’s (formerly known as Carbon Black Enterprise Protection) searchable file catalog and application control capabilities, such as finding and blocking files by their hash.

To set up the integration on Cortex XSOAR:

  1. Go to ‘Settings > Integrations > Servers & Services’
  2. Locate the VMware Carbon Black App Control v2 integration by searching for ‘VMware Carbon Black App Control v2’ using the search box on the top of the page.
  3. Click ‘Add instance’ to create and configure a new integration. You should configure the following VMware Carbon Black App Control and XSOAR-specific settings:
    Name : A textual name for the integration instance.

Server URL : The hostname or IP address of the VMware Carbon Black App Control application. Make sure the URL is reachable with respect to IP address and port.

API Token: The API Token provided for VMware Carbon Black App Control.

Incident type: Choose the type of incident for Cortex XSOAR handling from the drop-down list.

Do not validate server certificate : Select to avoid server certification validation. You may want to do this in case Cortex XSOAR cannot validate the integration server certificate (due to missing CA certificate)

Use system proxy settings : Select whether to communicate via the system proxy server or not.

Cortex XSOAR engine: If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Cortex XSOAR server from accessing the remote networks.

For more information on Cortex XSOAR engines see:

Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

  1. Press the ‘Test’ button to validate connection.
  2. After completing the test successfully, press the ‘Done’ button.


cbp-approvalRequest-search - Search for approval requests. See more:
cbp-computer-get - Returns computer. See more:
cbp-computer-search - Search for computers. See more:
cbp-computer-update - Updates computer object. Note that some computer properties can be changed only if the specific boolean param is set, as noted below. See more:
cbp-connector-get - Returns object instance of this class
cbp-connector-search - Returns objects that match given criteria
cbp-event-search - Search for events. See more:
cbp-fileAnalysis-createOrUpdate - Creates or updates file analysis request
cbp-fileAnalysis-get - Returns object instance of this class
cbp-fileAnalysis-search - Returns objects that match given criteria
cbp-fileCatalog-search - Search for file catalogs. See more:
cbp-fileInstance-search - Search for file instances. See more:
cbp-fileRule-delete - Deletes the file rule. See more:
cbp-fileRule-get - Gets the file rule. See more:
cbp-fileRule-search - Search for file rules. See more:
cbp-fileRule-update - Creates or updates file rule. See more:
cbp-fileUpload-download - Returns object instance of this class
cbp-fileUpload-get - Returns object instance of this class
cbp-fileUpload-search - Returns objects that match given criteria
cbp-notification-search - Search for notifications. See more:
cbp-policy-search - Search for policies. See more:
cbp-publisher-search - Search for publishers. See more:
cbp-serverConfig-search - Search in server configurations. See more: