Notifications API Schema

Carbon Black Cloud Enterprise EDR (Endpoint Detection and Response) is the new name for the product formerly called CB ThreatHunter.

Version: v3

Notifications Schema for Enterprise EDR

Note: This page will be updated with more detail on the individual fields and their descriptions; until then, the field meanings must be inferred from the example values below.

Request

GET /integrationServices/v3/notification

Response (example)

The example below shows two notification objects as they appear as elements of the response array; the enclosing `[ ... ]` is omitted, so the snippet on its own is not a valid JSON document.

{
      "threatHunterInfo": {
        "incidentId": "JYXTEXWW-000a49ed-00001158-00000000-1d485c62b4b1262-vUVKQ3VTAWf1PMlYFJZg-565615",
        "score": 2,
        "summary": "Bypass User Account Control - Generic MMC Launching Processes",
        "time": 1543406869024,
        "indicators": [
          {
            "applicationName": "cmd.exe",
            "sha256Hash": "9023f8aaeda4a1da45ac477a81b5bbe4128e413f19a0abfa3715465ad66ed5cd",
            "indicatorName": "565615-0"
          }
        ],
        "watchLists": [
          {
            "id": "GgX4q2dATcervTA5Y2nllg",
            "name": "ATT&CK Framework",
            "alert": true
          }
        ],
        "iocId": "565615-0",
        "count": 0,
        "dismissed": false,
        "documentGuid": "W2_fVn_OT0Gb_IAe66zRsA",
        "firstActivityTime": 1543424484422,
        "md5": "0d088f5bcfa8f086fba163647cd80cab",
        "policyId": 782546,
        "processGuid": "JYXTEXWW-000a49ed-00001158-00000000-1d485c62b4b1262",
        "processPath": "c:\\windows\\system32\\cmd.exe",
        "reportName": "Bypass User Account Control - Generic MMC Launching Processes",
        "reportId": "vUVKQ3VTAWf1PMlYFJZg-565615",
        "reputation": "NOT_LISTED",
        "responseAlarmId": "JYXTEXWW-000a49ed-00001158-00000000-1d485c62b4b1262-vUVKQ3VTAWf1PMlYFJZg-565615",
        "responseSeverity": 2,
        "runState": "RAN",
        "sha256": "9023f8aaeda4a1da45ac477a81b5bbe4128e413f19a0abfa3715465ad66ed5cd",
        "status": "UNRESOLVED",
        "tags": null,
        "targetPriority": "MISSION_CRITICAL",
        "threatCause": {
          "actor": "9023f8aaeda4a1da45ac477a81b5bbe4128e413f19a0abfa3715465ad66ed5cd",
          "actorName": "cmd.exe",
          "reason": "Bypass User Account Control - Generic MMC Launching Processes",
          "actorType": null,
          "threatCategory": "RESPONSE_WATCHLIST",
          "actorProcessPPid": null,
          "causeEventId": null,
          "reputation": "NOT_LISTED",
          "originSourceType": "UNKNOWN"
        },
        "threatId": "4fb2441c160b3590621bb4cbb7a8592c",
        "lastUpdatedTime": 0
      },
      "url": "https://defense-dev01.cbdtest.io",
      "eventTime": 1543424484422,
      "eventDescription": "",
      "deviceInfo": {
        "deviceName": "win10x64v1809",
        "deviceType": "WINDOWS",
        "deviceHostName": null,
        "targetPriorityType": "MISSION_CRITICAL",
        "targetPriorityCode": 0,
        "deviceVersion": null,
        "groupName": "Standard",
        "email": "bit9qa",
        "internalIpAddress": "10.210.161.10",
        "externalIpAddress": "144.121.3.50",
        "deviceId": 674285
      },
      "ruleName": "watchlist",
      "type": "THREAT_HUNTER"
    },
    {
      "threatHunterInfo": {
        "incidentId": "JYXTEXWW-000a49ed-0000119c-00000000-1d4873bfe7a643b-vUVKQ3VTAWf1PMlYFJZg-565635",
        "score": 1,
        "summary": "DCOM - svchost Launching Command Interpreter",
        "time": 1543406869058,
        "indicators": [
          {
            "applicationName": "googleupdate.exe",
            "sha256Hash": "f67355a6659e21d8d97e6982b28f22453f8c298e822e27faddb440da4a6de7c0",
            "indicatorName": "565635-0"
          }
        ],
        "watchLists": [
          {
            "id": "GgX4q2dATcervTA5Y2nllg",
            "name": "ATT&CK Framework",
            "alert": true
          }
        ],
        "iocId": "565635-0",
        "count": 0,
        "dismissed": false,
        "documentGuid": "yQUnHWu7QVqNsKx6UUVmlw",
        "firstActivityTime": 1543424484516,
        "md5": "750446ed76a5d13e902174dddda1a62b",
        "policyId": 782546,
        "processGuid": "JYXTEXWW-000a49ed-0000119c-00000000-1d4873bfe7a643b",
        "processPath": "c:\\program files (x86)\\google\\update\\googleupdate.exe",
        "reportName": "DCOM - svchost Launching Command Interpreter",
        "reportId": "vUVKQ3VTAWf1PMlYFJZg-565635",
        "reputation": "TRUSTED_WHITE_LIST",
        "responseAlarmId": "JYXTEXWW-000a49ed-0000119c-00000000-1d4873bfe7a643b-vUVKQ3VTAWf1PMlYFJZg-565635",
        "responseSeverity": 1,
        "runState": "RAN",
        "sha256": "f67355a6659e21d8d97e6982b28f22453f8c298e822e27faddb440da4a6de7c0",
        "status": "UNRESOLVED",
        "tags": null,
        "targetPriority": "MISSION_CRITICAL",
        "threatCause": {
          "actor": "f67355a6659e21d8d97e6982b28f22453f8c298e822e27faddb440da4a6de7c0",
          "actorName": "googleupdate.exe",
          "reason": "DCOM - svchost Launching Command Interpreter",
          "actorType": null,
          "threatCategory": "RESPONSE_WATCHLIST",
          "actorProcessPPid": null,
          "causeEventId": null,
          "reputation": "TRUSTED_WHITE_LIST",
          "originSourceType": "UNKNOWN"
        },
        "threatId": "19a351cb41c96473bafcdedfb06ee189",
        "lastUpdatedTime": 0
      },
      "url": "https://defense-dev01.cbdtest.io",
      "eventTime": 1543424484516,
      "eventDescription": "",
      "deviceInfo": {
        "deviceName": "win10x64v1809",
        "deviceType": "WINDOWS",
        "deviceHostName": null,
        "targetPriorityType": "MISSION_CRITICAL",
        "targetPriorityCode": 0,
        "deviceVersion": null,
        "groupName": "Standard",
        "email": "bit9qa",
        "internalIpAddress": "10.210.161.10",
        "externalIpAddress": "144.121.3.50",
        "deviceId": 674285
      },
      "ruleName": "testNotif2",
      "type": "THREAT_HUNTER"
    }

Last modified on February 7, 2023