fbpx

Integrating with Webroot

 

Set Up Instructions

Overview

The Webroot Cloud Connector integration allows you to collect logs and surface detections within Blumira from Webroot’s advanced cloud-based antivirus and antimalware software solution.

Note: You must have Endpoint Protection for the Blumira Cloud Connector to work, DNS protection is optional. If the site has access to DNS Protection, we will pull data from the site.

Before you begin

To configure Blumira’s Webroot Cloud Connector, you must gather the following information from Webroot:

  • Client ID
  • Client Secret
  • Site Name
  • Site Parent Keycode
  • Administrator Username
  • Administrator Password

Note: If you are setting up integrations for multiple sites, you can use the same Site Parent Keycode and Administrator Username and Password, but there will be different values for the Client ID, Client Secret, and Site Name.

To create a new API credential and gather the Client ID and Secret:

  1. Log in to Webroot.
  2. If there are multiple sites in your Webroot account, navigate to the site that Blumira will be pulling data from.
  3. Click Settings.
  4. Click Unity API Access.
  5. Click Create New Client Credential, or click New if you have previously created a different client credential in Webroot.
  6. In the Create New Client Credential window, type a name and description, then click Next.
    Screenshot_2023-01-03_at_4.08.29_PM.png
  7. Under “Do you plan to use the event notification API?”, select Yes.
    Screenshot_2023-01-03_at_4.10.13_PM.png
  8. Under “How do you plan to use Unity API?”, select Integrate with SIEM provider.
  9. Under “Please provide the SIEM provider name”, type Blumira.
  10. Click Next.
  11. (Optional) Type comments for Webroot about the Unity API or leave the comment box blank.
  12. Click Save.
  13. Copy and save the Client ID and the Client Secret to use in later steps in the Blumira Cloud Connector.

To gather your site name(s):

  • If you have multiple sites in Webroot, complete these steps:
    1. In your Webroot Management Console, click Site List.
    2. Under Sites, copy the name of the site for which you will set up the integration.
      Note: If you have multiple sites that you want Blumira to protect, you must configure separate Cloud Connectors for each site.
  • If you have a single site, complete these steps:
    1. In your Webroot Management Console, navigate to Settings.
    2. In Site / Company Name, copy the site name.

To gather the Parent Keycode of your Webroot site:

  1. Navigate to Settings > Account Information.
  2. In Parent Keycode, copy the code to be used in later steps in the Blumira Cloud Connector.

To gather the Administrator Username and Password:

  1. Determine if you will use credentials from an existing Webroot administrator or create a new admin for the integration. (Follow the steps in Webroot’s Adding a new administrator to create a new user profile for the Blumira integration.)
    Note: You can use either a Super Admin or Limited Admin for the integration.
  2. Use the email address of the user as the Username in the Blumira Cloud Connector.
  3. When creating a new password for the administrator, copy and save the password for use in later steps in the Blumira Cloud Connector.

Providing your Webroot credentials to Blumira

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration’s configuration parameters, you can then enable Blumira to collect your logs.

To configure your integration with Blumira Cloud Connector:

  1. In the Blumira app, go to the Cloud Connectors page (Settings > Cloud Connectors).
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
  5. Enter the API credentials that you collected in the “Before you begin” section above.
  6. Click Connect.
  7. On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
    Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.

Endpoints included in the integration

The integration with Webroot delivers these endpoints:

Reference: Find additional details such as status codes and authentication information in Webroot’s Unity API documentation.