Back to Blogs

Announcing Container Fields in Process Search APIs

Posted on August 17, 2023


VMware Carbon Black’s new Cloud Native Detection and Response (CNDR) capabilities deliver enhanced threat detection for containers and Kubernetes within a single, unified platform. CNDR provides VMware Carbon Black customers with unified visibility, security, and control in highly dynamic and complex modern application environments. These enhancements aim to deliver runtime protection for Linux containers to provide a scalable approach for protecting applications from emerging threats and helping eliminate blind spots for attackers to exploit.

The existing Process Search APIs have been enhanced to include the following k8s and containers fields:

  • container_cgroup
  • container_id
  • container_image_hash
  • container_image_name
  • container_name
  • process_container_pid
  • k8s_cluster
  • k8s_kind
  • k8s_namespace
  • k8s_pod_name
  • k8s_workload_name

Field definitions, the routes they are available on and the data type are on the Search Fields - Investigate page.

Use Cases

Through these APIs you can

  • Search processes using Kubernetes metadata, including container and Kubernetes context


  • Carbon Black Cloud Container Advanced
  • Latest Kubernetes Sensor
  • All API calls require an API key with appropriate permissions, see Authentication for details


More Information

Have questions or feedback?

  • Stay up to date with the latest news by subscribing to the Developer Network Newsletter.