Collective Defense Cloud API Authentication

Requirements

Each CB Protection Inspection customer can be setup with an Activation Token. This token is used to activate the service and acquire a permanent set of credentials that can be used to authenticate with the Collective Defense Cloud.

That activation token and subsequent credentials confers all rights and capabilities assigned to that installation.

Therefore, treat your activation token and subsequent credentials as you would your password. If the activation token or the credentials are missing or compromised, please notify Carbon Black requesting a reset.

To request a new set of credentials for use with CB Inspection, please contact the Sales team.

Activation

Note - The temporary activation token can be used once shortly after being issued and is then disabled. If you have already used the temporary activation token, and did not successfully save the subsequent credentials, you will need to request a new activation token.

Once you have the temporary activation token, you can call the CB Inspection API to activate the credentials. In the response, you will receive permanent credentials that can be used to authenticate subsequent requests.

For an API request to the activate, make this call: make a post to http://threatintel.bit9.com/api/v1/activation/B9-WIN-TIFA-STD with the value of the activation token passed in the request header “X-Tic-Activation-Token”

For example, to activate the service with an activation token of ‘a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1’:

$ curl -H 'X-Tic-Activation-Token:a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1' https://threatintel.bit9.com/api/v1/activation/B9-WIN-TIFA-STD
{
  "access_key": "eeacdcc1b-e5e5-f6f6abab-0101010101aad",
  "secret_access_key": "Kp7B9fkZxm5TloYuXUGb566OC00YWQ5LTkwZjc3NTU2M2Ex"
}

Authenticating with Collective Defense Cloud

Subsequent reqeusts to the Collective Defense Cloud should include these permanent credentials in the request headers.

for example, a request to the CB Inspection report would look like this:

$ curl -H 'X-Tic-User-Key:eeacdcc1b-e5e5-f6f6abab-0101010101aad' -H 'X-Tic-User-Secret:Kp7B9fkZxm5TloYuXUGb566OC00YWQ5LTkwZjc3NTU2M2Ex' https://threatintel.bit9.com/api/v1/inspection/report/a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0

Alternatively, in python 2.7.n,

import requests
auth_headers = {
    "X-Tic-User-Key": "eeacdcc1b-e5e5-f6f6abab-0101010101aad",
    "X-Tic-User-Secret": "Kp7B9fkZxm5TloYuXUGb566OC00YWQ5LTkwZjc3NTU2M2Ex"
}
url = "https://threatintel.bit9.com/api/v1/inspection/report/a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0"
print requests.get(url, headers=auth_headers).content
Last modified on October 10, 2016