What this integration is
This integration ingests VMware Carbon Black Cloud alert data into your SOCFortress SIEM stack using the Carbon Black Cloud APIs.
Data path (how it flows)
- Carbon Black Cloud → API polling/collector
- Collector → SIEM ingestion (indexing/search)
- Optional: alerting + routing into Incident Management
Prerequisites
- Carbon Black Cloud console access
- API access enabled
- Alerts API: https://developer.carbonblack.com/reference/carbon-black-cloud/platform/latest/alerts-api/
Credentials & permissions you’ll need
From the Carbon Black Cloud console:
- API ID
- API Secret Key
- ORG Key
- ORG ID
- Base API hostname (e.g., https://defense.conferdeploy.net)
- a custom access level with Alerts: READ
- an API key bound to that access level
CoPilot setup (recommended workflow)
- Provision the customer (tenant wiring).
- In CoPilot → customer → Integrations → Add integration → Carbon Black.
- Paste the API credentials + org identifiers.
- Deploy/start the collector/connector component (if your deployment model uses a containerized collector).
Success criteria
- Carbon Black alerts are arriving
- Alerts/events are tagged to the correct customer
Troubleshooting
- Confirm API key permissions include alerts read access.
- Confirm ORG identifiers match your tenant.
- Validate base URL/region (commercial vs other environments).
- Check collector logs for rate limiting/auth failures.
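A pre-flight check for the credentials and troubleshooting items above, added here as an example (not SOCFortress or Carbon Black code). It assumes the Alerts API v7 search path, a minimal `{"rows": 1}` search body and the `X-Auth-Token: <secret>/<id>` header format; the function names and the status-to-cause mapping are this example's own.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

# Likely cause per HTTP status, keyed to the troubleshooting list above.
# This mapping is the example's assumption, not vendor or SOCFortress text.
CAUSES = {
    200: "ok: credentials, org key and base URL accepted",
    401: "auth failure: check API ID / API Secret Key",
    403: "permission: access level lacks Alerts READ, or wrong org key",
    404: "not found: check ORG Key and base URL/region",
    429: "rate limited: lower the polling frequency",
}

def build_probe(base_url, org_key, api_id, api_secret):
    """Build a one-row alert search request; nothing is sent here."""
    parts = urlsplit(base_url.strip())
    # Refuse cleartext, userinfo or path-bearing URLs so the secret is only
    # ever sent to the bare API hostname over TLS.
    if (parts.scheme != "https" or not parts.hostname
            or "@" in parts.netloc or parts.path not in ("", "/")):
        raise ValueError("base URL must look like https://<hostname>")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    # Percent-encode the org key so a stray '/' cannot change the path.
    url = f"https://{host}/api/alerts/v7/orgs/{quote(org_key, safe='')}/alerts/_search"
    headers = {"X-Auth-Token": f"{api_secret}/{api_id}",
               "Content-Type": "application/json"}
    body = json.dumps({"rows": 1}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def diagnose(status):
    """Map an HTTP status to the troubleshooting item to check first."""
    return CAUSES.get(status, f"unexpected HTTP {status}: check collector logs")

def probe(base_url, org_key, api_id, api_secret):
    """Send the probe and return a diagnosis; the token is never printed."""
    req = build_probe(base_url, org_key, api_id, api_secret)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return diagnose(resp.status)
    except urllib.error.HTTPError as err:
        return diagnose(err.code)
    except urllib.error.URLError as err:
        return f"unreachable: check base URL/region ({err.reason})"
```

Call `probe(...)` with the values entered in CoPilot, read from environment variables or a secrets store rather than typed on the command line.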
