SOLVED

Carbon Black Cloud Connector not working?

Hi there,

I just tried to use the Carbon Black Cloud connector in Sentinel.

I installed it from the content hub.

It pushes out an Azure function.

If you open its PowerShell script you can see it was created by Microsoft in 2020.

The API it points to is obsolete.

I created my own test connector in Logic Apps, which seems to work fine (happy to share).

However, I'd like to know if Microsoft is aware of this issue and, if it is actually broken, whether there are plans to fix it; or, if it does work, can I get some steps to make it work in Sentinel/Azure (just to pull alerts, no interest in the AWS options)?

Thank you!

I'd suggest you raise an Issue in the Microsoft Github, detailing the above. https://github.com/Azure/Azure-Sentinel/issues
best response confirmed by SocInABox (Iron Contributor)
Solution

@Clive_Watson 

I got it working.
Aside from the configuration steps being confusing, the ARM configuration panel has some options that simply don't work.
Here's an example configuration of what will work:

(and yes, I'll let the GitHub admin know my suggestion :) )

[screenshot of the working configuration]

https://simple-security.ca/2023/05/02/cheat-sheet-for-configuring-carbon-black-cloud-edr-for-sentine...
