What Living Security needs
Scopes: Read access to alerts (via Custom Access Level)
Required role: Administrator or equivalent with access to Settings → API Access
Prerequisites
- You must be signed in to the Carbon Black Cloud console with a role that allows managing API keys.
- You need permission to create Custom Access Levels for RBAC.
Part A — In VMware Carbon Black Cloud
Your Carbon Black administrator completes these steps.1
Create a Custom Access Level
Carbon Black Cloud uses Role-Based Access Control (RBAC). Create a Custom Access Level with minimum required permissions.
- Sign in to your Carbon Black Cloud console.
- Navigate to Settings → API Access.
- Click the Access Levels tab.
- Click Add Access Level.
- Enter a name (e.g.,
Living Security Platform) and optional description. - In the permissions table, grant the following under Alerts:
- Click Save.
These are the minimum permissions required. Grant only what is listed here for least-privilege access.
2
Create an API key
- Go to Settings → API Access.
- Click the API Keys tab.
- Click Add API Key.
- Fill in the fields:
- Name — A descriptive name (e.g.,
Living Security Platform) - Access Level Type — Select Custom
- Access Level — Select the access level from Step 1
- Name — A descriptive name (e.g.,
- Click Save.
3
Copy your API credentials
After saving, Carbon Black Cloud displays:Example:
- API Secret Key — A long alphanumeric string
- API ID — A shorter alphanumeric string
ABCDEFGHIJKLMNO123456789/ABCD1234564
Locate your Org key
- Go to Settings → API Access.
- Click the API Keys tab.
- Your Org Key is displayed near the top of this page (e.g.,
ABCD1234).
5
Identify your environment hostname
Living Security defaults to
defense.conferdeploy.net (Prod 02). If your organization uses a different environment:If your organization uses a non-default environment, contact your Living Security Customer Success Manager to configure the correct host.
Part B — In the Living Security Platform
The program owner completes this step, or the system admin if using delegated setup.1
Troubleshooting
403 Forbidden
403 Forbidden
The Access Level is missing one or more required permissions. Access Level permissions cannot be changed retroactively on a key — update the Access Level itself, or create a new Access Level and API key with the correct permissions.
Wrong environment hostname
Wrong environment hostname
If syncs fail but credentials are correct, your organization may use a non-default Carbon Black environment. Check your console URL and contact support to configure the correct hostname.
Invalid API key format
Invalid API key format
The API key must be in
{secret}/{id} format. Verify you combined the API Secret Key and API ID with a forward slash separator.
