Carbon Black - ThreatExchange Connector
Carbon Black provides integration with ThreatExchange by retrieving Indicators of Compromise (IOCs) from specified communities. To support this integration, Carbon Black provides an out-of-band bridge that communicates with the ThreatExchange API.
As root on your Carbon Black or other RPM based 64-bit Linux distribution server:
cd /etc/yum.repos.d curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo yum install python-cb-threatexchange-connector
Once the software is installed via YUM, copy the
/etc/cb/integrations/threatexchange/connector.conf.example file to
Edit this file and place your Carbon Black API key into the
carbonblack_server_token variable and your Carbon Black server's base URL into the
Once you have the connector configured for your API access, start the ThreatExchange service:
service cb-threatexchange-connector start
Any errors will be logged into
Version 1.2 adds a custom User-Agent to the HTTP requests made to ThreatExchange.
Version 1.1 of the ThreatExchange connector introduces persistent storage for historical ThreatExchange feed data.
The connector will now only query for new indicators that have been produced since the last time it was run (by default,
every two hours; configurable via
feed_retrieval_minutes in the configuration file) and store all indicators for a
maximum duration (by default, 7 days; configurable via
tx_historical_days in the configuration file).
The feed data is stored in a SQLite database in
If you suspect a problem, please first look at the ThreatExchange connector logs found here:
(There might be multiple files as the logger "rolls over" when the log file hits a certain size).
- Use the Developer Community Forum to discuss issues and ideas with other API developers in the Carbon Black Community.
- Report bugs and change requests through the GitHub issue tracker. Click on the + sign menu on the upper right of the screen and select New issue. You can also go to the Issues menu across the top of the page and click on New issue.
- View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.