Carbon Black Enterprise Protection v2

This integration uses Carbon Black Enterprise Protection’s searchable file catalog and application control capabilities, such as finding and blocking files by their hash.

To set up the integration on Demisto:

  1. Go to ‘Settings > Integrations > Servers & Services’
  2. Locate the Carbon Black Enterprise Protection integration by searching for ‘Carbon Black Enterprise Protection’ using the search box on the top of the page.
  3. Click ‘Add instance’ to create and configure a new integration. You should configure the following Carbon Black Enterprise Protection and Demisto-specific settings:
    Name : A textual name for the integration instance.

Server URL : The hostname or IP address of the Carbon Black Enterprise Protection application. Make sure the URL is reachable with respect to IP address and port.

API Token: The API Token provided for Carbon Black Enterprise Protection.

Incident type: Choose the type of incident for Demisto handling from the drop-down list.

Do not validate server certificate : Select to avoid server certification validation. You may want to do this in case Demisto cannot validate the integration server certificate (due to missing CA certificate)

Use system proxy settings : Select whether to communicate via the system proxy server or not.

Demisto engine: If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.

For more information on Demisto engines see:

Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

  1. Press the ‘Test’ button to validate connection.
    If you are experiencing issues with the service configuration, please contact Demisto support at
  2. After completing the test successfully, press the ‘Done’ button.


cbp-approvalRequest-search - Search for approval requests. See more:
cbp-computer-get - Returns computer. See more:
cbp-computer-search - Search for computers. See more:
cbp-computer-update - Updates computer object. Note that some computer properties can be changed only if the specific boolean param is set, as noted below. See more:
cbp-connector-get - Returns object instance of this class
cbp-connector-search - Returns objects that match given criteria
cbp-event-search - Search for events. See more:
cbp-fileAnalysis-createOrUpdate - Creates or updates file analysis request
cbp-fileAnalysis-get - Returns object instance of this class
cbp-fileAnalysis-search - Returns objects that match given criteria
cbp-fileCatalog-search - Search for file catalogs. See more:
cbp-fileInstance-search - Search for file instances. See more:
cbp-fileRule-delete - Deletes the file rule. See more:
cbp-fileRule-get - Gets the file rule. See more:
cbp-fileRule-search - Search for file rules. See more:
cbp-fileRule-update - Creates or updates file rule. See more:
cbp-fileUpload-download - Returns object instance of this class
cbp-fileUpload-get - Returns object instance of this class
cbp-fileUpload-search - Returns objects that match given criteria
cbp-notification-search - Search for notifications. See more:
cbp-policy-search - Search for policies. See more:
cbp-publisher-search - Search for publishers. See more:
cbp-serverConfig-search - Search in server configurations. See more: