How to migrate to Alerts v7 APIs
Posted on July 9, 2023
Overview
In the Alerts v7 API we have extended the capabilities of the Alerts API by improving the methods of retrieving alerts and adding functionality to manage the workflow by updating the alert status. This will allow you to more efficiently call an API by providing a wider range of filterable fields, including creation time, type, status, tag and more, as well as the ability to close alerts. New features include:
- A single endpoint to manage workflows across single alerts or threats, or groups of them, using appropriate search criteria; it replaces four endpoints
- Ability to validate a search before execution with the “Validate Search” endpoint
- Ability to add user-defined tags to the Alert or the Threat
- Ability to get statistical information about Alerts over a time period with the Histogram endpoint
Note: This blog was updated on 10th Oct 2023 with additional information.
Requirements
- Endpoint Standard or Enterprise EDR product
- All API calls require an API key with appropriate permissions; see Authentication for details
How to Migrate
Everything you need is in the Alerts v7 API Migration Guide.
Note: As part of the Alerts v7 API release and Alert Forwarder Schema v2, Observed Alerts were removed.
- Observed Alerts will continue to be returned in Alerts v6 API responses and Data Forwarder Alert Schema v1.
  - An Observed Alert can only be enriched by
    - Searching Enriched Events by alert_id
    - Searching Observations by event_id using created_by_event_id from the Observed Alert
  - An Observed Alert is identified by category = MONITORED in the API response and WARNING in the Alert Forwarder output.
- Observed Alerts are not returned in Alerts v7 API responses or in the Data Forwarder Alert Schema v2.
- See Announcing the Alerts V7 API and “Observed Alerts” Become “Observations” for more information.
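A pre-migration check based on the note above, as an added example that is not Carbon Black's own code: it splits exported v6 alert records into those v7 will still return and the Observed Alerts it drops, then builds the two enrichment searches for each dropped record. The `id` field name, the forwarder value living in `category`, and the `field:value` query form are assumptions; all sample records are constructed.

```python
# Added example. From the page: category, MONITORED, WARNING, alert_id,
# event_id, created_by_event_id. Assumed: the "id" field name, the
# forwarder value living in "category", and the field:value query form.
from collections import Counter

# Marker that identifies an Observed Alert, per data source.
OBSERVED_MARKERS = {"api_v6": "MONITORED", "forwarder_v1": "WARNING"}


def is_observed(record, source):
    """True if a v6 API / forwarder v1 record is an Observed Alert."""
    return str(record.get("category", "")).upper() == OBSERVED_MARKERS[source]


def migration_impact(records, source):
    """Split records into those v7 still returns and those it drops."""
    kept, dropped = [], []
    for rec in records:
        (dropped if is_observed(rec, source) else kept).append(rec)
    return kept, dropped


def enrichment_lookups(observed):
    """Build the two searches the note lists for one Observed Alert."""
    lookups = {"enriched_events": f"alert_id:{observed['id']}"}
    event_id = observed.get("created_by_event_id")
    # Without created_by_event_id there is no key into Observations.
    lookups["observations"] = f"event_id:{event_id}" if event_id else None
    return lookups


SAMPLE_V6 = [  # constructed sample data, not real alerts
    {"id": "A-1", "category": "THREAT", "type": "CB_ANALYTICS"},
    {"id": "A-2", "category": "MONITORED", "type": "CB_ANALYTICS",
     "created_by_event_id": "ev-22"},
    {"id": "A-3", "category": "MONITORED", "type": "CB_ANALYTICS"},
]

if __name__ == "__main__":
    kept, dropped = migration_impact(SAMPLE_V6, "api_v6")
    print(f"{len(kept)} remain in v7, {len(dropped)} are Observed Alerts")
    print(Counter(r["type"] for r in dropped))
    for rec in dropped:
        print(rec["id"], enrichment_lookups(rec))
```

Running this over a v6 export before switching shows how many records any dashboard or detection rule fed by the Alerts API will stop receiving once it reads from v7.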
Deactivation timeline
The Alerts v6 API will be deactivated on September 5, 2024. (Updated September 2023.)
Resources
- Alert v7 API Announcement
- Alerts v6 Migration Guide
- Alerts API Reference
- Carbon Black Postman Workspace
- Carbon Black Cloud Python SDK - Release 1.5.0 is coming soon with the Alerts v7 API
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
- Report bugs and change requests to Carbon Black Support.
- Stay up to date with the latest news by subscribing to the Developer Network Newsletter.