> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# VMware Carbon Black Cloud

> Connect VMware Carbon Black Cloud to import alert data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="VMware Carbon Black Cloud" recommendDelegated={true} />

## What Living Security needs

| Credential  | Description                                                                       |
| ----------- | --------------------------------------------------------------------------------- |
| **API key** | A combined `{API Secret}/{API ID}` credential from the Carbon Black Cloud console |
| **Org key** | The short alphanumeric identifier for your organization (e.g., `ABCD1234`)        |

**Scopes:** Read access to alerts (via Custom Access Level)

**Required role:** **Administrator** or equivalent with access to **Settings → API Access**

### Prerequisites

* You must be signed in to the Carbon Black Cloud console with a role that allows managing API keys.
* You need permission to create Custom Access Levels for RBAC.

***

## Part A — In VMware Carbon Black Cloud

*Your Carbon Black administrator completes these steps.*

<Steps>
  <Step title="Create a Custom Access Level">
    Carbon Black Cloud uses Role-Based Access Control (RBAC). Create a Custom Access Level with minimum required permissions.

    1. Sign in to your Carbon Black Cloud console.
    2. Navigate to **Settings → API Access**.
    3. Click the **Access Levels** tab.
    4. Click **Add Access Level**.
    5. Enter a name (e.g., `Living Security Platform`) and optional description.
    6. In the permissions table, grant the following under **Alerts**:

    | Permission                   | .notation name     | Required operation           |
    | ---------------------------- | ------------------ | ---------------------------- |
    | Alerts > General Information | `org.alerts`       | READ                         |
    | Alerts > Close               | `org.alerts.close` | EXECUTE                      |
    | Alerts > Notes               | `org.alerts.notes` | READ, CREATE, DELETE, UPDATE |
    | Alerts > Tags                | `org.alerts.tags`  | READ, CREATE, DELETE         |

    7. Click **Save**.

    <Note>
      These are the minimum permissions required. Grant only what is listed here for least-privilege access.
    </Note>
  </Step>

  <Step title="Create an API key">
    1. Go to **Settings → API Access**.
    2. Click the **API Keys** tab.
    3. Click **Add API Key**.
    4. Fill in the fields:
       * **Name** — A descriptive name (e.g., `Living Security Platform`)
       * **Access Level Type** — Select **Custom**
       * **Access Level** — Select the access level from Step 1
    5. Click **Save**.
  </Step>

  <Step title="Copy your API credentials">
    After saving, Carbon Black Cloud displays:

    * **API Secret Key** — A long alphanumeric string
    * **API ID** — A shorter alphanumeric string

    Construct your API key by combining them:

    ```
    {API Secret Key}/{API ID}
    ```

    Example: `ABCDEFGHIJKLMNO123456789/ABCD123456`

    <Warning>
      The **API Secret Key** is displayed **only once**. If you navigate away without copying it, you must reset the secret or delete the key and create a new one.
    </Warning>
  </Step>

  <Step title="Locate your Org key">
    1. Go to **Settings → API Access**.
    2. Click the **API Keys** tab.
    3. Your **Org Key** is displayed near the top of this page (e.g., `ABCD1234`).
  </Step>

  <Step title="Identify your environment hostname">
    Living Security defaults to `defense.conferdeploy.net` (Prod 02). If your organization uses a different environment:

    | Environment       | Hostname                           |
    | ----------------- | ---------------------------------- |
    | EAP01             | `defense-eap01.conferdeploy.net`   |
    | Prod 01           | `dashboard.confer.net`             |
    | Prod 02 (default) | `defense.conferdeploy.net`         |
    | Prod 05           | `defense-prod05.conferdeploy.net`  |
    | Prod 06 (EU)      | `defense-eu.conferdeploy.net`      |
    | Prod NRT          | `defense-prodnrt.conferdeploy.net` |
    | Prod Syd          | `defense-prodsyd.conferdeploy.net` |

    <Note>
      If your organization uses a non-default environment, contact your Living Security Customer Success Manager to configure the correct host.
    </Note>
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="VMware Carbon Black Cloud">
    | Field       | Value                                                    |
    | ----------- | -------------------------------------------------------- |
    | **API key** | The combined `{API Secret}/{API ID}` from Part A, Step 3 |
    | **Org key** | The org key from Part A, Step 4                          |

    <Note>
      The connection dialog does not include a field for environment hostname. Living Security defaults to `defense.conferdeploy.net`. Contact support if you use a different environment.
    </Note>

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/vmware-carbon-black-cloud/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=485845d85f333b3c56b29d1ea975abe5" alt="Living Security connect dialog for VMware Carbon Black Cloud" style={{maxWidth: "450px"}} width="576" height="356" data-path="integrations/images/vmware-carbon-black-cloud/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to VMware Carbon Black Cloud.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The API key is invalid or the secret has been reset. Generate a new API key from **Settings → API Access → API Keys**.
  </Accordion>

  <Accordion title="403 Forbidden">
    The Access Level is missing one or more required permissions. Access Level permissions cannot be changed retroactively on a key — update the Access Level itself, or create a new Access Level and API key with the correct permissions.
  </Accordion>

  <Accordion title="Wrong environment hostname">
    If syncs fail but credentials are correct, your organization may use a non-default Carbon Black environment. Check your console URL and contact support to configure the correct hostname.
  </Accordion>

  <Accordion title="Invalid API key format">
    The API key must be in `{secret}/{id}` format. Verify you combined the API Secret Key and API ID with a forward slash separator.
  </Accordion>
</AccordionGroup>
