
2023 Recap - December Newsletter

Hope you’re ending 2023 on a high note

In this December Newsletter we’ve rounded up all the significant improvements Carbon Black has made throughout 2023.

Carbon Black is Back!

Read about our strategy in the Security Blog and follow along on LinkedIn.

New Features in Carbon Black Cloud

  • Alerts Enhancement
  • XDR
    • Ability to use IP and host information to attribute network traffic from external systems to a process, plus MITRE TIDs, sophisticated fingerprinting (JA3, Community ID), and TLS and HTTP headers at the individual event level
    • Intrusion Detection (IDS) and Network Traffic Analysis (NTA) telemetry and alerts
    • XDR network telemetry baked into v1.1.0 Endpoint Event Forwarder
    • Observations replaces Enriched Events
  • New Policy Controls
    • Core Prevention: a default protective posture; use Process Exclusions or set rules to Alert Only to tailor it to your environment
    • Host Based Firewall: gives analysts visibility into their organization’s network traffic and adds the ability to control which network traffic is allowed.
  • Asset Groups
    • Sophisticated, dynamic grouping criteria
    • Assets can be assigned to multiple groups
    • Immediate integration with NGAV Policies, and further integrations across Carbon Black Cloud planned in 2024
    • Note: manual migration is needed for existing Sensor Groups
  • API Key Updates
    • Use the Audit Log API with a Custom Type API Key
    • Custom Type API keys can be restricted to authorized IP addresses
    • Visibility of the Last API Key Session Refresh Time
  • Container Security - new features and APIs for automation
  • CIS Benchmark APIs
    • Measure and report compliance of organizational workload assets against industry standard benchmarks

New and Updated Integrations for Carbon Black Cloud

  • NEW! ServiceNow
    • Apps for ServiceNow SecOps, ITSM and Vulnerability Response modules of ServiceNow
  • UPDATED! Python SDK
    • v1.5.0 with support for the Alerts v7 API. Command lines are now included in the alert, so no enrichment call is needed.
  • UPDATED! Splunk App
    • Updates throughout the year.
    • Next version in early 2024 to support the Alerts v7 API and Data Forwarder Schema v2.
  • NEW! Splunk SOAR App
  • REBUILT! Syslog Connector 2.0
    • Built to use the Alerts v7 API, making all the metadata available in the syslog message
    • Configure with a Custom Access Level type for Audit Logs
    • Customizable templates to send the data you need

Making Integrations Easier

  • NEW! Carbon Black Postman Workspace
    • Don’t just get the documentation, get an interactive workspace
  • IMPROVED! API and Use Case Guides
    • Find task specific guides and an overview for SOAR actions
  • IMPROVED! Python SDK Guides and examples
    • More code snippets in the SDK documentation
    • Dedicated guides for new and popular use cases
    • Easy to run example scripts in GitHub

Deprecated APIs and Data Forwarder Schema

To take advantage of the new functionality, integrations need to be updated to the current APIs and Data Forwarder schema.

The superseded APIs and Schema will be DEACTIVATED (turned off, not available) in the second half of 2024.

Find out how to migrate here.

EDR Releases

App Control Releases

Coming Early in the New Year

  • Carbon Black Cloud Python SDK 1.5.1 & 1.5.2
    • Asset Groups
    • Script Deobfuscation
    • Alert Extensions
    • Live Query Scroll for large result sets
  • Updated Apps
    • Using New Alerts Schema - API v7 and Forwarder v2
    • Using Simplified API Key Configuration
    • Carbon Black Cloud App for QRadar v2.3
    • Carbon Black Cloud App for Splunk v2.0
    • Carbon Black Cloud Apps for ServiceNow
  • New Data Forwarder types and destinations
  • Follow the Roadmap
  • Find all the recent announcements here

Subscribe to the newsletter

Sign-up here to get updates to your mailbox each month

Last modified on December 20, 2023