Endpoint Standard APIs and Integrations
Carbon Black Cloud Endpoint Standard is the new name for the product formerly called CB Defense.
Introduction
Endpoint Standard is an industry-leading next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution. Endpoint Standard is delivered through the Carbon Black Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set.
Getting Started
To get started, you need to obtain an API Secret Key and API ID from your Carbon Black Cloud console. Once you have the API Secret Key and API ID, you are ready to start using the APIs. The Endpoint Standard API lets you manage configuration, such as policies, and search data, including enriched events and audit logs. The APIs either use HTTP GET or POST requests with JSON requests and responses.
Postman Collection
Import the Carbon Black Cloud collection to make API calls using Postman.
Integrations
See our latest integrations that utilize the APIs to enhance customer workflows.
| Name | Description | Version | Release Date | Supported Products |
|---|---|---|---|---|
| CBC Python SDK | Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. | 1.4.1 | 2022-10-21 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
| Data Forwarder | Built in to the Carbon Black Cloud platform; Delivers Alert, Event and Watchlist Hit data to an AWS S3 bucket, ready for consumption by third-party solutions. | N/A | 2020 | Platform Workload Enterprise EDR Endpoint Standard |
| QRadar App | Configures a connection in QRadar to ingest alerts, audit logs, and events from Carbon Black Cloud using the Data Forwarder and APIs into IBM QRadar. Actions such as quarantining devices and adding IOCs to watchlists can be initiated in QRadar to take effect in Carbon Black Cloud. | 2.1.0 | 2022-05-17 | Platform Workload Enterprise EDR Endpoint Standard |
| Service Now - ITSM App and SecOps App | Ingest Alerts and Vulnerabilities from Carbon Black Cloud to Service Now and automatically create Service Now incidents to track the resolution. A large set of actions such as quarantining devices are available to be initiated in QRadar and take effect in Carbon Black Cloud. | 1.0.0 | 2022-07-06 | Platform Workload Enterprise EDR Endpoint Standard |
| Splunk App | Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. | 1.1.6 | 2022-09-12 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
| Syslog Connector | Lets administrators forward alert notifications and audit logs from their Carbon Black Cloud instance to local, on-premise systems. | 1.3.1 | 2021-01-15 | Platform Enterprise EDR Endpoint Standard |
| Zscaler Sandbox Connector | Scans files from Carbon Black Cloud Endpoint Standard or Enterprise EDR that come through the network before they reach the endpoint. | 1.1 | 2021-12-06 | Enterprise EDR Endpoint Standard |
All Documents
Latest
| Document | Release Date |
|---|---|
| All Platform APIs | Various |
| API Reference - Audit, Notifications | April, 2016 |
| Device Control API | June, 2021 |
| Enriched Events Search API v1 v2 | October, 2020 |
| Recommendation API | August, 2021 |
| Search Fields - Processes and Enriched Events v2 | October, 2020 |
Note: the replacement PolicyService API is a platform API, available in all Carbon Black Cloud products.
Note: Reputation Overrides API has moved to Platform APIs as this API is available for customers with either Enterprise EDR or Endpoint Standard enabled. See Cloud Platform APIs.
Deprecated
| Deprecated API | Replacement API | Migration Guide | Deprecated Date | Deactivation Date |
|---|---|---|---|---|
| Process Search v3 REST API | Processes Search API | N/A | August, 2020 | January 31st, 2022 |
| Events v3 REST API | Enriched Event Search API | Events v3 Migration Guide | August, 2020 | January 31st, 2022 |
| Alerts v3 REST API | Alerts API | Alerts v3 Migration Guide | August, 2020 | January 31st, 2022 |
| Devices v3 REST API | Devices API | N/A | August, 2020 | |
| Live Response v3 API | Live Response v6 API | Live Response Migration Guide | April, 2021 | |
| Policy v3 API | Policy Service API | Policy Migration | June 2022 | Not earlier than July 1st, 2023 |