March 2024 Newsletter
New on the Developer Network
CarbonCLI - Carbon Black Cloud PowerShell CLI 1.0.0
- 31 Cmdlets for a variety of tasks including:
- Manage alerts using the Alerts v7 API
- Manage devices and the common actions on devices
- Retrieve observations
- Create and manage watchlists, feeds, reports and iocs.
- Get the details here
New Audit Log API
- A new path with export, search and queue endpoints
- Search and Export ise the same query, criteria and exclusion operators as other search requests
- Export is asynchronous to support long running search requests, with output in csv or json format
- Queue is equivalent to the existing legacy route, but conforms to standards such as ISO 8601 for timestamps.
- Read the announcement here
More New Stuff
- New versions of the ServiceNow Apps for Carbon Black Cloud
- ITSM and SecOps Apps use Alerts v7 API and Data Forwarder Alert Schema v2 to ingest Alerts
- Dashboards with Alert, Incident and Asset metrics
- Vulnerability Response App also has metrics dashboards
- Support for ServiceNow Vancouver release
- Get the details here
- Splunk Cloud support for Carbon Black Cloud Splunk SIEM app v2.0.0
Update to use the Latest APIs and Forwarder Schema
Legacy API Access Levels and Deprecated APIs are being deactivated this year
- Update now to get the most out of Carbon Black Cloud data
- Everything you need about the changes - affected APIs, Access Level types, dates, and benefits of the replacement versions - are in the Migration Guides
- July 31, 2024 is the deactivation date for Alerts API v6 and Alert Data Forwarder schema v1, as well as integrationServices/v3 Device, Policy and Live Response routes
- October 31, 2024 is the deactivation date for the Notifications v3 API