Announcing VMware Carbon Black Cloud App for QRadar v2.2.0

Posted on May 3, 2023

---

We’re pleased to announce version 2.2.0 of the VMware Carbon Black Cloud App for QRadar. This release includes new features, a redesign of the configuration experience with improved feedback, bugs fixes and compatibility with QRadar 7.5.

New Features:

• Refresh of the user interface for configuration of the app
  • New design and validations.
  • When selecting Settings > Configuration requests are triggered to check the validity. If there is something wrong with the credentials, the Device API or Alerts API at the current moment, validation errors will be shown.
• Update of admin privileges
  • Carbon Black Cloud > Settings > Configuration is hidden behind admin privileges.
  • Everything else, including Devices Tab, is accessible without admin privileges.
• Two new right-click actions Get Process Details and View Alert. This requires changes to the permissions on the custom API key. See What to do before Upgrade for details.
• Use new Policy Service to pull policies. This requires changes to the permissions on the custom API key. See What to do before Upgrade for details.
• Added Reset Configuration and Test Configuration functionalities.
• Added Custom Event Collector IP input field under Settings > App Configuration to provide a way to configure Custom Event Collector.
• Support for parsing additional fields for Watchlist Hits.

Bug Fixes:

• Fixes of the poll procedure.
• Remove redundant logging of proxy error when proxy is not enabled.
• Resending alerts when we have IO error.
• Added validation of query parameters for right-click actions.
• Upgrade few packages due to vulnerabilities.

Documentation Updates:

• Because of the major rewrite of the UI and some functionalities, we created a copy of the documentation to preserve previous user guides for anyone that is still using previous versions. However we highly recommend upgrading to the latest version.

What to do before Upgrade:

• Before you upgrade from 2.1.1 to 2.2.0 you need to go to Carbon Black UI and add two more permissions in your Custom Key:
  • Policies (org.policies) - READ
  • Events (org.search.events) - READ.

Resources:

• VMware Carbon Black Cloud App on IBM App Exchange
• Installation and User Guide for VMware Carbon Black Cloud App
• Previous User Guides for VMware Carbon Black Cloud App
• Release notes for VMware Carbon Black Cloud App

Have questions or feedback?

• Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
• Report bugs and change requests to Carbon Black Support
• Give us feedback
• Subscribe to the Developer Network Newsletter