Integrating VMware vRealize Automation SaltStack SecOps with VMware Carbon Black Workload

Introduction

The VMware vRealize Automation SaltStack SecOps integration with VMware Carbon Black Workload combines intelligent vulnerability insight with powerful IT automation for complete detection and remediation of dangerous vulnerabilities and misconfigurations. By integrating Carbon Black and vRealize Automation technologies, security and IT teams can bridge the gap between security and IT workflows and deliver the last mile of security remediation through a unified, automated solution.

Key Benefits

  • Eliminate manual security data handovers between SOC and IT operations teams.
  • Fix vulnerabilities fast, at any scale.
  • Report fixes back to Carbon Black for closed-loop visibility.

Features

  • Automated API handoff from Carbon Black Cloud Workload to vRealize Automation SaltStack SecOps
  • Vulnerability analyzer lets the user know which vulnerabilities from Carbon Black can be automatically remediated
  • Prioritize OS vulnerabilities in vRealize Automation SaltStack SecOps and remediate with the click of a button
  • Use out-of-the-box Center for Internet Security (CIS) certified content to enforce and maintain security compliance on IT systems.

Review this resource and embedded videos to learn step-by-step how to integrate and operationalize Carbon Black Cloud Workload and vRealize Automation SaltStack SecOps. Operationalization includes patching vulnerabilities and assessing your compliance posture in your workload population.

 

Prerequisites

To take advantage of this integration, you must have access to the following products:

  • VMware Carbon Black Cloud Workload
  • vRealize Automation SaltStack Config (part of vRealize Automation 8+)
  • VMware vRealize Automation SaltStack SecOps component

 

Carbon Black Cloud Configuration

Create Custom Access Level

Access levels offer the ability to create custom levels of access for your integrations with other security products. Create custom access levels with specific, granular permissions to apply to an API key.


API Access Level Details

To allow SaltStack SecOps to access the appropriate level of information in Carbon Black, add a new access level with the following permissions.

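| Category      | Permission Name               | Notation Name                | Create | Read | Update | Delete | Execute |
|---------------|-------------------------------|------------------------------|--------|------|--------|--------|---------|
| Device        | General Information           | device                       |        | X    |        |        |         |
| Vulnerability | Vulnerability Assessment Data | vulnerabilityAssessment.data |        | X    |        |        | X       |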

Create API Key

Select API Access > API Keys > Add API Key

  • Access Level Type: Custom
  • Custom Access Level: Select your previously created access level


SaltStack Configuration

Configure Connector

In the SaltStack SecOps console, configure the connection back to the Carbon Black Cloud.

Navigate to Settings > Connectors > VMware Carbon Black


The connector requests four values: URL, Token, Org Key, and SSL Verification.

Refer to the table below to populate each field with the appropriate information.

URL

Determine your Carbon Black URL with this KB Article.  

(KB Details)

Token

To find your credentials, navigate to Settings > API Access

Select the drop down to the right of your SaltStack Credential.


Here you will find your API ID and API Secret Key.


Copy both values and format the Token as: SECRET_KEY/API_ID

Org Key

Find your Carbon Black Org Key.

Navigate to Settings > API Access in Carbon Black Cloud

Org Key will be available in the top left.


Verify SSL

Set to TRUE.
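
A pre-flight check for the values above, added here as an example and not part of VMware's guide or either product: it compares a custom access level against the permissions in the API Access Level Details table and validates the four connector fields before they are entered. The function names, the dictionary layout for permissions, and all sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Permissions from the guide's access-level table: notation name -> operations.
REQUIRED = {
    "device": {"READ"},
    "vulnerabilityAssessment.data": {"READ", "EXECUTE"},
}

# Constructed sample: a custom access level with one grant too many and one missing.
SAMPLE_GRANTED = {
    "device": {"READ", "DELETE"},
    "vulnerabilityAssessment.data": {"READ"},
}


def audit_access_level(granted):
    """Return (missing, excess) grants relative to REQUIRED, as 'notation:OPERATION'."""
    def flatten(perms):
        return {f"{name}:{op}" for name, ops in perms.items() for op in ops}
    need, have = flatten(REQUIRED), flatten(granted)
    return sorted(need - have), sorted(have - need)


def check_connector(url, secret_key, api_id, org_key, verify_ssl):
    """Validate the four connector fields; return (token, list of problems)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("URL must be an https:// address")
    fields = (("API Secret Key", secret_key), ("API ID", api_id), ("Org Key", org_key))
    for label, value in fields:
        # A stray space, newline or '/' picked up while copying corrupts the value.
        if not value or "/" in value or any(c.isspace() for c in value):
            problems.append(f"{label} is empty or contains whitespace or '/'")
    if verify_ssl is not True:
        problems.append("Verify SSL must be TRUE")
    return f"{secret_key}/{api_id}", problems  # guide's order: SECRET_KEY/API_ID


if __name__ == "__main__":
    print(audit_access_level(SAMPLE_GRANTED))
    # Placeholder values, not real credentials or a real tenant URL.
    print(check_connector("https://cbc.example.invalid", "SECRETPLACEHOLDER",
                          "IDPLACEHLD", "ORGKEY01", True))
```

Any entry in the excess list is a grant the integration does not need according to the guide's table and can be removed from the access level before the API key is issued.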

Operationalizing SaltStack & Carbon Black Cloud

To operationalize this integration, review the Part 1 and Part 2 videos.

Patching Vulnerabilities

 

 

Compliance Benchmarking

 

Summary and Additional Resources

Additional Resources

 

Changelog

The following updates were made to this guide:

| Date       | Description of Changes |
|------------|------------------------|
| 2021/11/11 | Guide was published.   |

About the Author and Contributors

Dale McKay is a technology evangelist and strategist with deep expertise in security, virtualization, and networking. He has extensive knowledge of a variety of technologies for meeting the strategic and tactical needs of clients. He has strong real-world, hands-on skills in cybersecurity, with his focus being on implementing policies and operating procedures that help his customers address their cybersecurity demands. He is an experienced leader in determining client needs, delivering solutions, and building relationships.

  • Dale McKay, Senior Technical Marketing Architect, Network and Advanced Security Business Group, VMware

Feedback

Your feedback is valuable.

To comment on this paper, contact VMware Security Business Unit Technical Marketing at sbu_tech_content_feedback@vmware.com.

 

 

 

 
