Disclaimer: This app was created and submitted by a member of the developer community. All sample content and code in the Community Showcase is licensed to you by the sample's author. VMware does not guarantee the samples; they are provided "AS IS".

Are you like me? Do you want all of your security product alerts in the same place you communicate with your team members? Do you want emojis that match the mood you feel after getting a high-score alert?

Well, want no longer: introducing the Carbon Black Cloud Slack App (ages 10+)!

Jokes aside, many months ago I put my limited coding prowess and tenuous (at best) knowledge of the API to the test and attempted to create a way to port alert notifications from VMware Carbon Black Cloud into Slack.

Coming from the pre-sales side as a Solution Engineer, I have often heard requests to bring alerting into the same medium that many SecOps team members use to communicate: Slack. That request has only grown with the change in how we work, dictated by the global pandemic and the ensuing quarantine.

Enter: the Carbon Black Cloud Slack App.

There are two parts to the script:

1. Automatic posting of CB Endpoint Standard (CBD) and CB Enterprise EDR (CBTH) alert information into Slack. This uses the cbapi Notification Listener to grab the alert, then Slack's messaging API and the Block Kit builder to post the associated contents in an easy-to-read format.

2. A Slack bot, with API webhooks enabled, that responds to the prior alert notification and offers actions available within the Carbon Black Cloud console:

   - 'Investigate': a simple URL redirect that builds the URL for the Alerts page by automatically adding the Incident_id/Threat_id of the corresponding alert.
   - 'Virus Total Lookup': again a simple URL redirect, which takes the hash from the 'Threat Cause Actor' field and appends it to the VirusTotal lookup URL.
   - 'Go Live': a simple URL redirect to the Go Live URL, formatted with the corresponding device_id from the notification.

Both the 'Investigate' and 'Go Live' capabilities are guarded by the admin's console login and their RBAC permissions. The intent behind the redirects is to avoid any concerns around RBAC roles granted to specific admins: because the bot only hands out links and never performs the action itself, the console still enforces each admin's own permissions when the link is opened.
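As an added example that is not part of the original post or the app's own code, the Python below shows the two pieces described above working together offline: building the Block Kit message for one notification with the three redirect buttons, and verifying the signature on the interaction callback that the bot's webhook receives from Slack. It also adds the checks a practitioner would want around a redirect-only design: the 'Threat Cause Actor' value is only turned into a VirusTotal link when it actually is a hash, IDs are URL-encoded before they are spliced into a link, and alert-supplied strings are escaped for Slack mrkdwn. The console URL templates, the notification field names (modelled on the CB Defense notification JSON as I understand it) and the sample notification are assumptions, not taken from the app.

```python
"""Added example (not the Carbon Black Cloud Slack App's own code).
Assumptions: console URL templates, notification field names and the
sample notification below are all placeholders, not copied from the app."""
import hashlib
import hmac
import re
import time
from urllib.parse import quote

# Assumed templates. The VirusTotal file page URL is real; the two console
# paths are placeholders for whatever your Carbon Black Cloud console uses.
CONSOLE = "https://console.example.invalid"
INVESTIGATE_URL = CONSOLE + "/alerts/{alert_id}"
GO_LIVE_URL = CONSOLE + "/live-response/{device_id}"
VT_FILE_URL = "https://www.virustotal.com/gui/file/{hash}"

# MD5 / SHA-1 / SHA-256 hex digests only. Anything else coming out of the
# alert is not a hash and must not be spliced into a lookup URL.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")


def mrkdwn_escape(text):
    """Slack mrkdwn treats & < > as control characters, so alert-supplied
    strings (process names, reasons) are escaped before being posted."""
    return str(text).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def _button(label, url):
    # A Block Kit button with a "url" field is a pure redirect: the console,
    # not the bot, decides whether the clicking admin may see the page.
    return {"type": "button", "text": {"type": "plain_text", "text": label}, "url": url}


def build_alert_message(notification):
    """Return a Block Kit payload (dict) for one notification dict.
    Field layout (deviceInfo / threatInfo / threatCause) is an assumption
    modelled on the CB Defense notification JSON."""
    dev = notification.get("deviceInfo", {})
    threat = notification.get("threatInfo", {})
    cause = threat.get("threatCause", {})
    alert_id = threat.get("incidentId") or threat.get("threatId")
    blocks = [
        {"type": "header", "text": {"type": "plain_text",
                                    "text": "Carbon Black Cloud alert (score %s)" % threat.get("score", "?")}},
        {"type": "section", "fields": [
            {"type": "mrkdwn", "text": "*Device:*\n" + mrkdwn_escape(dev.get("deviceName", "?"))},
            {"type": "mrkdwn", "text": "*Actor:*\n" + mrkdwn_escape(cause.get("actorName", "?"))},
            {"type": "mrkdwn", "text": "*Reason:*\n" + mrkdwn_escape(cause.get("reason", "?"))},
        ]},
    ]
    actions = []
    if alert_id:
        actions.append(_button("Investigate", INVESTIGATE_URL.format(alert_id=quote(str(alert_id), safe=""))))
    if dev.get("deviceId") is not None:
        actions.append(_button("Go Live", GO_LIVE_URL.format(device_id=quote(str(dev["deviceId"]), safe=""))))
    actor = str(cause.get("actor", ""))
    if HASH_RE.match(actor):  # omit the button rather than link arbitrary text
        actions.append(_button("VirusTotal Lookup", VT_FILE_URL.format(hash=actor.lower())))
    if actions:
        blocks.append({"type": "actions", "elements": actions})
    return {"blocks": blocks}


def sign_slack_request(signing_secret, timestamp, body):
    """Slack's v0 request signature: HMAC-SHA256 over 'v0:<ts>:<raw body>'."""
    base = "v0:%s:%s" % (timestamp, body)
    return "v0=" + hmac.new(signing_secret.encode(), base.encode(), hashlib.sha256).hexdigest()


def verify_slack_request(signing_secret, timestamp, body, signature, now=None, max_skew=300):
    """True only if X-Slack-Signature matches and X-Slack-Request-Timestamp is
    fresh. The bot's webhook should run this before acting on any button press."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > max_skew:  # replay guard
        return False
    expected = sign_slack_request(signing_secret, timestamp, body)
    return hmac.compare_digest(expected, str(signature or ""))


# Constructed sample notification; the actor hash is a placeholder digest.
SAMPLE_NOTIFICATION = {
    "type": "THREAT",
    "deviceInfo": {"deviceId": 1234567, "deviceName": "WIN10-FINANCE-07"},
    "threatInfo": {
        "incidentId": "ABCD1234EFGH",
        "score": 8,
        "threatCause": {
            "actor": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "actorName": "powershell.exe <hidden>",
            "reason": "A suspicious script invoked a network tool.",
        },
    },
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_alert_message(SAMPLE_NOTIFICATION), indent=2))
```

The returned dict is what you would pass as the JSON body to Slack's incoming webhook or `chat.postMessage`. On the receiving side, treat a `False` from `verify_slack_request` as a hard reject: without it, anyone who learns the webhook URL can feed the bot fabricated button presses.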