New Release: Carbon Black Cloud Platform Search APIs
Posted on October 2, 2020
We are happy to announce the release of two new search APIs for the Carbon Black Cloud: the Platform Search API for Processes and the Platform Search API for Enriched Events.
These APIs help you find specific applications and their activity across all endpoint events and processes reported by Carbon Black Cloud sensors. You can:
- Search for endpoint activity at the process or the individual event level
- Retrieve summaries or details about events, including statistical selections of the most prevalent values for some of the most interesting data fields
- Formulate valid search queries — get suggestions for partial fields or values and validate queries before running them in the Search service
- Manage your submitted search queries — check the status of long-running queries and even cancel them
Which API is right for me?
- To search for processes and events associated with a process, use the Platform Search API for Processes (for Endpoint Standard or Enterprise EDR)
- To search for enriched events, use the Platform Search API for Enriched Events (for Endpoint Standard)
Routes in preview
Some routes are for “preview only”, meaning you may use them, but the next release may include breaking changes to the existing version of the routes.
Routes for “preview only” include:
- Process Detail Searches with the structure:
/api/investigate/v2/orgs/{org_key}/processes/detail_jobs
- Process Summary Searches with the structure:
/api/investigate/v2/orgs/{org_key}/processes/summary_jobs
- Enriched Event Detail Searches with the structure:
/api/investigate/v2/orgs/{org_key}/enriched_events/detail_jobs
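The search workflow described above (submit a query, check the status of a long-running job, fetch results, cancel if needed) is asynchronous, so a client has to poll. The following is an added example written for this post, not code from VMware Carbon Black; the only thing taken from the page is the Process Detail Search route. Everything else is an assumption and labelled as such in the code: that the job is created with a POST carrying a `process_guids` list, that the response contains a `job_id`, that results are read from `<route>/{job_id}/results` with `contacted`/`completed` counters, that a job is cancelled with a DELETE on the job URL, and that authentication uses an `X-Auth-Token` header of the form `<API_SECRET_KEY>/<API_ID>`. Check each against the current API reference before relying on it.

```python
"""Minimal polling client for a Carbon Black Cloud Platform Search detail job.

Added example, not from the original post. Route taken from the post; request
and response shapes, cancel route and auth header format are ASSUMPTIONS.
"""
import json
import os
import time
import urllib.request
from typing import Any, Callable, Dict, Iterable, Optional

# A transport takes (method, url, json_body_or_None) and returns the decoded
# JSON response. Injecting it lets the client run offline in tests.
Transport = Callable[[str, str, Optional[Dict[str, Any]]], Dict[str, Any]]


class SearchJobClient:
    def __init__(self, base_url: str, org_key: str, api_secret: str,
                 api_id: str, transport: Optional[Transport] = None) -> None:
        self.base_url = base_url.rstrip("/")
        self.org_key = org_key
        # ASSUMPTION: token is "<API_SECRET_KEY>/<API_ID>" in X-Auth-Token.
        self._token = f"{api_secret}/{api_id}"
        self.transport: Transport = transport or self._http

    def _http(self, method: str, url: str,
              body: Optional[Dict[str, Any]]) -> Dict[str, Any]:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "X-Auth-Token": self._token,
            "Content-Type": "application/json",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())

    def _route(self, path: str) -> str:
        # The /api/investigate/v2/orgs/{org_key}/... prefix is from the post.
        return f"{self.base_url}/api/investigate/v2/orgs/{self.org_key}/{path}"

    def submit_detail_job(self, process_guids: Iterable[str]) -> str:
        """Create a Process Detail Search job (preview route from the post)."""
        # ASSUMPTION: POST body is {"process_guids": [...]}, reply has "job_id".
        body = {"process_guids": list(process_guids)}
        resp = self.transport("POST", self._route("processes/detail_jobs"), body)
        return resp["job_id"]

    def wait_for_results(self, job_id: str, poll_interval: float = 1.0,
                         timeout: float = 60.0) -> Dict[str, Any]:
        """Poll until every contacted shard has completed, or give up."""
        # ASSUMPTION: results live at <route>/{job_id}/results and carry
        # "contacted"/"completed" counters; the job is done when they match.
        url = self._route(f"processes/detail_jobs/{job_id}/results")
        deadline = time.monotonic() + timeout
        while True:
            resp = self.transport("GET", url, None)
            contacted = int(resp.get("contacted", 0))
            completed = int(resp.get("completed", 0))
            if contacted and completed >= contacted:
                return resp
            if time.monotonic() >= deadline:
                raise TimeoutError(
                    f"job {job_id} still running after {timeout}s "
                    f"({completed}/{contacted} shards); consider cancel_job()")
            time.sleep(poll_interval)

    def cancel_job(self, job_id: str) -> None:
        """Abandon a long-running job instead of leaving it to run."""
        # ASSUMPTION: the job is cancelled with DELETE on its own URL.
        self.transport("DELETE", self._route(f"processes/detail_jobs/{job_id}"), None)


if __name__ == "__main__":
    # Live usage: credentials and org key come from the environment, never
    # from source. PROCESS_GUID is a hypothetical value to look up.
    client = SearchJobClient(
        base_url=os.environ["CBC_URL"],
        org_key=os.environ["CBC_ORG_KEY"],
        api_secret=os.environ["CBC_API_SECRET"],
        api_id=os.environ["CBC_API_ID"],
    )
    job = client.submit_detail_job([os.environ["PROCESS_GUID"]])
    try:
        print(json.dumps(client.wait_for_results(job, timeout=30), indent=2))
    except TimeoutError:
        client.cancel_job(job)
        raise
```

The transport is injected so the same client can be driven by a fake in tests; the `TimeoutError` path pairs the status check with cancellation, which is the practical reason the post highlights being able to cancel queries.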
Looking to export alert or event data in bulk instead?
Use the Data Forwarder Configuration API to push Endpoint Standard or Enterprise EDR data to an AWS S3 bucket (now with event filtering!).