Carbon Black Cloud API Enhancements
Posted on September 30, 2019
We have exposed new enhancements to the Alerts and Devices Platform APIs, giving you more efficient control over the devices and data in your organizations. The most current documentation on these APIs is available at the Platform APIs page.
Enhanced Alerts API & Use Case Workflows
We have extended the capabilities of the Alerts API by improving the methods of retrieving alerts and adding functionality to manage the workflows.
With the addition of the Search Request pathway in the Alerts API, you can now filter on dozens of fields, including creation time, category, type, status, tag, and more, allowing you to more efficiently call the API. A full list of filterable criteria is available in the Alerts API Documentation.
Additionally, we have enabled greater control of workflows with the ability to bulk dismiss alerts
Device Management & Actions
Significant improvements have been made to the Devices API around retrieving device information and performing actions on devices. A wider range of filterable fields are available, including policy ID, status, operating system, last contact time, and more.
You can now search for devices, export a list of devices, and get specific device information with the enhanced Devices API. These routes take advantage of the wider range of filterable fields available, enabling you to be more efficient when calling the API.
Further enhancements also add the functionality to perform actions on devices. You can now perform actions on individual devices such as quarantine/unquarantine, enable or disable bypass, upgrade to a new sensor version, and more.
RBAC Permissions
These enhanced APIs use Role Based Access Control, which allows you to apply access controls and create least-privileged API keys. Ensure you’re using API keys with the correct permissions by reviewing our Carbon Black Cloud Authentication Guide.