ThreatDefence integrates with VMware Carbon Black Cloud to collect alerts and endpoint telemetry for continuous monitoring and threat detection.
Sign in to the VMware Carbon Black Cloud Console.
Navigate to Settings → API Access.
On the Access Levels tab, click Add Access Level.
Configure:
Name: e.g., ThreatDefence Carbon Black
Description: e.g., Access level for ThreatDefence SIEM integration
Permissions:
In the Alerts row → General Information → set READ
Note: Selecting this automatically sets the "Copy permissions from" field to Custom.
Click Save.
Go to Settings → API Access → API Keys tab.
Click Add API Key.
Configure:
Name: e.g., ThreatDefence API
Access Level type: Custom
Custom Access Level: select the one created in Step 1
Save the key and record the following securely:
API ID
API Secret Key
ORG Key
ORG ID
Hostname / Base API URL
These credentials will be used by ThreatDefence to establish secure API-based collection.
Open a support request via the ThreatDefence Service Desk and include:
API ID
API Secret Key
ORG Key
ORG ID
Hostname (API URL)
Once provided, ThreatDefence will:
Validate API connectivity.
Onboard Carbon Black telemetry into your SIEM view.
Confirm ingestion of alerts and endpoint activity logs.
Last updated
