Integrating VMware vRealize Automation SaltStack SecOps with VMware Carbon Black Workload
Introduction
The VMware vRealize Automation SaltStack SecOps integration with VMware Carbon Black Workload combines intelligent vulnerability insight with powerful IT automation for complete detection and remediation of dangerous vulnerabilities and misconfigurations. By integrating Carbon Black and vRealize Automation technologies, security and IT teams can bridge the gap between security and IT workflows and deliver the last mile of security remediation through a unified, automated solution.
Key Benefits
- Eliminate manual security data handovers between SOC and IT operations teams.
- Fix vulnerabilities fast, at any scale.
- Report fixes back to Carbon Black for closed-loop visibility.
Features
- Automated API handoff from Carbon Black Cloud Workload to vRealize Automation SaltStack SecOps
- Vulnerability analyzer lets the user know which vulnerabilities from Carbon Black can be automatically remediated
- Prioritize OS vulnerabilities in vRealize Automation SaltStack SecOps and remediate with the click of a button
- Use out-of-the-box Center for Internet Security (CIS) certified content to enforce and maintain security compliance on IT systems.
Review this resource and embedded videos to learn step-by-step how to integrate and operationalize Carbon Black Cloud Workload and vRealize Automation SaltStack SecOps. Operationalization includes patching vulnerabilities and assessing your compliance posture in your workload population.
Prerequisites
To take advantage of this integration, you must have access to the following products:
- VMware Carbon Black Cloud Workload
- vRealize Automation SaltStack Config (part of vRealize Automation 8+)
- VMware vRealize Automation SaltStack SecOps component
Carbon Black Cloud Configuration
Create Custom Access Level
Access levels offer the ability to create custom levels of access for your integrations with other security products. Create custom access levels with specific, granular permissions to apply to an API key.
API Access Level Details
To allow SaltStack SecOps to access the appropriate level of information in Carbon Black, add a new access level with the following permissions.
| Category | Permissions Name | Notation Name | Create | Read | Update | Delete | Execute |
| Device | General Information | device | | X | | | |
| Vulnerability | Vulnerability Assessment Data | vulnerabilityAssessment.data | | X | | | X |
Create API Key
Select API Access > API Keys > Add API Key
- Access Level Type: Custom
- Custom Access Level: Select your previously created access level
SaltStack Configuration
Configure Connector
In the SaltStack SecOps console, configure the connection back to Carbon Black Cloud.
Navigate to Settings > Connectors > VMware Carbon Black
The connector requests the URL, Token, Org Key, and SSL verification setting.
Use the table below to populate each field.
| URL | Determine your Carbon Black URL with this KB Article. |
| Token | To find your credentials, navigate to Settings > API Access. Select the drop-down to the right of your SaltStack credential. Here you will find your API ID and API Secret Key. Copy these values and format the Token as: SECRET_KEY/API_ID |
| Org Key | Find your Carbon Black Org Key. Navigate to Settings > API Access in Carbon Black Cloud. The Org Key is available in the top left. |
| Verify SSL | Set to TRUE. |
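A pre-flight check for the access level and the connector fields described above, as an added example that is not VMware's code or part of the original guide. The function names, the dictionary shape for granted permissions, and the "secret key is longer than the API ID" heuristic are assumptions made for illustration; all sample values are constructed.

```python
from urllib.parse import urlparse

# Least-privilege set taken from the access level table in this guide.
REQUIRED = {
    "device": {"READ"},
    "vulnerabilityAssessment.data": {"READ", "EXECUTE"},
}

def audit_access_level(granted):
    """Compare granted permissions ({notation name: set of operations}) with REQUIRED."""
    findings = []
    for name, ops in REQUIRED.items():
        missing = ops - granted.get(name, set())
        if missing:
            findings.append(f"missing {name}: {sorted(missing)}")
    for name, ops in granted.items():
        excess = ops - REQUIRED.get(name, set())
        if excess:
            findings.append(f"excess {name}: {sorted(excess)}")
    return findings

def audit_connector(url, token, org_key, verify_ssl):
    """Check the four connector fields before they are saved."""
    findings = []
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        findings.append("URL must be an https:// Carbon Black Cloud address")
    if verify_ssl is not True:
        findings.append("Verify SSL must be TRUE")
    if not org_key.strip():
        findings.append("Org Key is empty")
    parts = token.split("/")
    if len(parts) != 2 or not all(parts) or token != token.strip():
        findings.append("Token must be SECRET_KEY/API_ID")
    elif len(parts[0]) <= len(parts[1]):
        # Heuristic (assumption): the secret key is longer than the API ID.
        findings.append("Token parts look swapped; expected SECRET_KEY/API_ID")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    granted = {"device": {"READ", "DELETE"},
               "vulnerabilityAssessment.data": {"READ"}}
    print(audit_access_level(granted))
    print(audit_connector("http://cbc.example.invalid",
                          "EXAMPLEID1/EXAMPLESECRETKEY0000", "ORGKEY01", False))
```

Any finding from `audit_access_level` that starts with `excess` marks a permission the integration does not need according to the table in this guide.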
Operationalizing SaltStack & Carbon Black Cloud
To operationalize this integration, review videos Part 1 and Part 2.
Patching Vulnerabilities
Compliance Benchmarking
Summary and Additional Resources
Additional Resources
Changelog
The following updates were made to this guide:
| Date | Description of Changes |
| 2021/11/11 | |
About the Author and Contributors
- Dale McKay, Senior Technical Marketing Architect, Network and Advanced Security Business Group, VMware
Feedback
Your feedback is valuable.
To comment on this paper, contact VMware Security Business Unit Technical Marketing at sbu_tech_content_feedback@vmware.com.