Hi there community peeps! Had a quick question to see if anyone has had any experience with getting the Carbon Black Defense Event source setup? I seem to be running into some slight difficulties getting it work and just wanted to see anyone may have some advice on the configuration aspect?
I followed the docs from Rapid 7 / Carbon Black. Can not seem to get the event source to ingest data. I have a support case open with Rapid, but I was hoping maybe another user on the forum may have had some gotcha experience or had experienced this challenge before
I am happy to report I figured out the issue. There is a very important step one must do when configuring this event source. In the Carbon Black Defense console, you must go to settings, notifications & then configure threat notifications for your api key and set the threshold.
The docs provided on the rapid 7 side do not seem to mention this and after reviewing the carbon black docs they dont really do it justice either lol. Link below to the rapid documentation if someone from rapid wanted to make a note of this =)