Announcing the Alert Export API Endpoint
Posted on June 18, 2024
Overview
Carbon Black Cloud Alert Export enables up to 25,000 Alert records to be returned in CSV format using the API or from the Alerts page in the console.
The Export Alerts endpoint is asynchronous, which allows long-running requests to be made.
- Use the Export Alerts endpoint to create a job with the required search criteria to limit the results. A job_id is returned.
- This job may take up to 5 minutes to complete.
- Optionally, use Get Job Progress to check whether the job has completed.
- Use the job_id in the Download Job Output endpoint in the Jobs Service to get the results. The Download Job API requires the permission jobs.status - READ.
- If more than 25,000 records matched the criteria, the first 25,000 are returned, sorted by backend_timestamp in descending order.
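The create / poll / download sequence above, as an added example that is not Carbon Black's own code. The HTTP layer is injected so the flow can be exercised offline; the endpoint paths, request body layout and job status values are assumptions from memory of the Alerts v7 and Jobs v1 APIs and should be checked against the API reference.

```python
import csv
import io
import time
from typing import Callable

MAX_EXPORT_ROWS = 25_000   # stated cap: only the first 25,000 matches are returned
JOB_TIMEOUT_S = 5 * 60     # a job may take up to 5 minutes to complete

def auth_headers(api_id: str, api_secret: str) -> dict:
    # Carbon Black Cloud API keys are sent as "<secret>/<id>" in X-Auth-Token.
    return {"X-Auth-Token": f"{api_secret}/{api_id}",
            "Content-Type": "application/json"}

def export_alerts(http: Callable, org_key: str, criteria: dict) -> int:
    """Create the export job and return its job_id (path/body are assumed)."""
    body = {"criteria": criteria, "format": "CSV"}
    resp = http("POST", f"/api/alerts/v7/orgs/{org_key}/alerts/_export", json=body)
    return resp["job_id"]

def wait_for_job(http: Callable, org_key: str, job_id: int, sleep=time.sleep,
                 timeout_s: int = JOB_TIMEOUT_S, poll_s: int = 10) -> dict:
    """Poll Get Job Progress until the job reaches a terminal status (assumed names)."""
    waited = 0
    while True:
        status = http("GET", f"/jobs/v1/orgs/{org_key}/jobs/{job_id}")
        if status.get("status") in ("COMPLETED", "FAILED"):
            return status
        if waited >= timeout_s:
            raise TimeoutError(f"job {job_id} not finished after {timeout_s}s")
        sleep(poll_s)
        waited += poll_s

def download_job_output(http: Callable, org_key: str, job_id: int) -> dict:
    """Download the CSV (needs jobs.status READ) and flag a possibly truncated export."""
    text = http("GET", f"/jobs/v1/orgs/{org_key}/jobs/{job_id}/download")
    rows = list(csv.DictReader(io.StringIO(text)))
    # At exactly 25,000 rows the export may have been cut off; narrow the
    # criteria (e.g. a shorter backend_timestamp window) and run again.
    return {"rows": rows, "truncated": len(rows) >= MAX_EXPORT_ROWS}

def export_mdr_alerts(http: Callable, org_key: str, sleep=time.sleep) -> dict:
    """Retain the MDR determination on every MDR-eligible alert (use case above)."""
    job_id = export_alerts(http, org_key, {"mdr_alert": True})
    status = wait_for_job(http, org_key, job_id, sleep=sleep)
    if status["status"] != "COMPLETED":
        raise RuntimeError(f"export job {job_id} did not complete: {status}")
    return download_job_output(http, org_key, job_id)
```

To run it for real, wrap requests.request with the base URL and auth_headers() and pass that wrapper as http; an export that comes back truncated should be split by time window and re-run.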
Use Cases
- Alerts are retained in Carbon Black Cloud for 180 days. Customers who need longer term records for compliance or reporting purposes can leverage Alert Export to generate a CSV on a regular basis.
- Managed Detection & Response customers may want to retain a record of the MDR determination on every MDR-eligible alert.
These alerts can be identified using mdr_alert in the export request: "criteria": { "mdr_alert": true }
Requirements
- Carbon Black Cloud
- API key with appropriate permissions. See Authentication for details.
More Information
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
- Report bugs and change requests to Carbon Black Support
- Subscribe to the Developer Network Newsletter