Netskope Help

Carbon Black Plugin for Threat Exchange

This document explains how to configure Carbon Black with Threat Exchange in the Netskope Cloud Exchange platform. This integration allows for sharing of event driven intelligence that has been identified by Carbon Black Cloud or Netskope.

Prerequisites

To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances)

  • A Secure Web Gateway subscription for URL sharing

  • A Threat Prevention subscription for malicious file hash sharing

  • A Netskope Cloud Exchange tenant with the Threat Exchange module configured

  • A Carbon Black Cloud License

    • For ingest of event driven intelligence from Carbon Black: CBC NGAV or CBC EDR

    • For consumption of intelligence from Netskope: CBC EDR

Workflow
  1. Create a custom File Profile.

  2. Create a Malware Detection Profile.

  3. Create a Real-time Protection Policy.

  4. Get the Netskope token.

  5. Create Carbon Black API credentials.

  6. Configure the Threat Exchange Plugin.

  7. Configure a Carbon Black Plugin.

  8. Configure sharing between Netskope and Carbon Black.

  9. Validate the Carbon Black Plugin.

Click play to watch a video.