sudo rpm -ivh python-cb-threatq-connector-1.0.0-10.x86_64.rpm --ignoreos --nofiledigest
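a. mkdir /etc/carbonblack
b. touch /etc/carbonblack/credentials.response
c. vi /etc/carbonblack/credentials.response and enter the settings shown below. (Note: the "token" value is an admin API token, found on the user Profile page of the Web UI.) Because this file holds an admin token in clear text, restrict who can read it. The ssl_verify=False setting in the sample turns off certificate validation for the connection to the server; set it to True where the server presents a certificate the host trusts.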
[default]
url=https://localhost:8443
token=12152549ec1cbfd8568346c034d89b1c12ed6df0
ssl_verify=False
cp /etc/cb/integrations/threatq/connector.conf.example /etc/cb/integrations/threatq/connector.conf
vi /etc/cb/integrations/threatq/connector.conf
[auth]
#------------------------------------------------------------------------------
# ThreatQ API configuration
#------------------------------------------------------------------------------
# This section allows global configuration options to be passed to the ThreatQ feed (IP address is at ThreatQuotient).
threatq_host=https://10.232.34.55

# You can specify multiple exports to pull from. Simply list them as a comma-delimited list
# Make sure that the tokens are aligned with the IDs
# Example:
# threatq_export_tokens=export_token_1,export_token_2,export_token_3
# threatq_export_ids=export_id_1,export_id_2,export_id_3
# threatq_export_titles=VERY HIGH RISK Indicators,HIGH RISK Indicators,MEDIUM RISK Indicators
threatq_export_tokens={ThreatQuotient-provided-token-here}
threatq_export_ids={ThreatQuotient-provided-id-here}
threatq_export_titles="CarbonBlack High Confidence"
threatq_verify_ssl=false
#threatq_http_proxy=put.your.on.prem.proxy.here.com:8080

[bridge]
#------------------------------------------------------------------------------
# Core Configuration
#------------------------------------------------------------------------------
listener_port=6300
listener_address=127.0.0.1
feed_retrieval_minutes=60
#debug=1

# API key for an admin user of the Carbon Black server
carbonblack_server_token=12152549ec1cbfd8568346c034d89b1c12ed6df0
carbonblack_server_sslverify=false

# Only uncomment the carbonblack_server_url below if you are running with a multihome configuration using port 8443 to override the default port of 443.
# carbonblack_server_url=https://localhost:8443

# If you need to use an HTTPS proxy to access the iSIGHT API server, uncomment and configure the https_proxy
# variable below.
#https_proxy=http://proxyuser:proxypass@proxyhostname:proxyport
service cb-threatq-connector start
curl -k http://127.0.0.1:6300/threatq/json?server_token=67avsn733FDICUFfTkYgqp7OP5qeyH4N