Announcing Container Fields in Process Search APIs
Posted on August 17, 2023
Overview
VMware Carbon Black’s new Cloud Native Detection and Response (CNDR) capabilities deliver enhanced threat detection for
containers and Kubernetes within a single, unified platform. CNDR provides VMware Carbon Black customers with unified
visibility, security, and control in highly dynamic and complex modern application environments. These enhancements aim
to deliver runtime protection for Linux containers, providing a scalable approach for protecting applications from
emerging threats and helping eliminate blind spots that attackers could exploit.
The existing Process Search APIs have been enhanced to include the following Kubernetes (k8s) and container fields:
- container_cgroup
- container_id
- container_image_hash
- container_image_name
- container_name
- process_container_pid
- k8s_cluster
- k8s_kind
- k8s_namespace
- k8s_pod_name
- k8s_workload_name
The definition of each field, the routes it is available on, and its data type are listed on the Search Fields - Investigate page.
Use Cases
Through these APIs you can:
- Search processes using Kubernetes metadata, including container and Kubernetes context
Requirements
- Carbon Black Cloud Container Advanced
- Latest Kubernetes Sensor
- All API calls require an API key with appropriate permissions; see Authentication for details
APIs
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
- Report bugs and change requests to Carbon Black Support.