Carbon Black Cloud Threat Intelligence Connector
Posted on April 28, 2022
Overview
The Carbon Black Cloud Threat Intelligence connector imports threat intelligence data using the STIX/TAXII standards.
This new version supports the major versions of STIX (1.2/2.0/2.1). In contrast to the previous version, it is a standalone connector rather than part of the CBC SDK, with improved usability and more features.
Prerequisites
To use this connector you must have the following products:
- Carbon Black Cloud, Enterprise EDR
- Carbon Black Cloud Threat Intelligence Connector (GitHub)
- Third-Party Threat Intelligence data (STIX 1.x/2.x or TAXII 1.x/2.x)
Usage
We have created a detailed guide to installing and using the connector. The guide is located in the developer network here.
You will learn:
- How to parse STIX files (STIX 1.x/2.x)
- How to parse STIX data from TAXII servers/services (TAXII 1.x/2.x)
- How to create feeds in Carbon Black Cloud
- How to create watchlists in Carbon Black Cloud
- The mappings from STIX objects to Carbon Black Cloud Indicators of Compromise (IOCs)
- How it all works together
- How to install the connector inside a Docker container with a cron job setup
- Known problems with STIX/TAXII
- Helpful articles for better understanding STIX and TAXII