Announcing Container Fields in Process Search APIs
Posted on August 17, 2023
Overview
VMware Carbon Black’s new Cloud Native Detection and Response (CNDR) capabilities deliver enhanced threat detection for containers and Kubernetes within a single, unified platform. CNDR provides VMware Carbon Black customers with unified visibility, security, and control in highly dynamic and complex modern application environments. These enhancements aim to deliver runtime protection for Linux containers, providing a scalable approach to protecting applications from emerging threats and helping eliminate blind spots that attackers could exploit.
The existing Process Search APIs have been enhanced to include the following Kubernetes and container fields:
- container_cgroup
- container_id
- container_image_hash
- container_image_name
- container_name
- process_container_pid
- k8s_cluster
- k8s_kind
- k8s_namespace
- k8s_pod_name
- k8s_workload_name
Field definitions, the routes each field is available on, and the data types are listed on the Search Fields - Investigate page.
Use Cases
Through these APIs you can:
- Search processes using container and Kubernetes metadata
Requirements
- Carbon Black Cloud Container Advanced
- Latest Kubernetes Sensor
- All API calls require an API key with appropriate permissions; see Authentication for details
APIs
More Information
- Carbon Black Cloud Release Notes
- Carbon Black Cloud User Guide - Investigating Container Events on the Investigate Page
- CBC Postman Collection
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
- Report bugs and change requests to Carbon Black Support.
- Stay up to date with the latest news by subscribing to the Developer Network Newsletter.