Endpoint Standard APIs and Integrations

Carbon Black Cloud Endpoint Standard is the new name for the product formerly called CB Defense.

Introduction

Endpoint Standard is an industry-leading next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution. Endpoint Standard is delivered through the Carbon Black Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set.

Getting Started

To get started, you need to obtain an API ID from your Carbon Black Cloud console and the stored API Secret Key. Once you have the API Secret Key and API ID, you are ready to start using the APIs. The Endpoint Standard API lets you manage configuration, such as policies, and search data, including enriched events and audit logs. The APIs either use HTTP GET or POST requests with JSON requests and responses.

Postman Collection

Use the Postman Collection in the Carbon Black Workspace to make API calls using Postman.

All Documents

Latest

Document Release Date
All Platform APIs Various
API Reference - Audit April, 2016
Device Control API June, 2021
Recommendation API August, 2021
Search Fields - Investigate (Enriched Events) v2 October, 2020

Note: the replacement PolicyService API is a platform API, available in all Carbon Black Cloud products.

Note: Reputation Overrides API has moved to Platform APIs as this API is available for customers with either Enterprise EDR or Endpoint Standard enabled. See Cloud Platform APIs.

Deprecated & Deactivated

Deprecated APIs have replacement APIs available which have improved functionality. Integrations should be updated to use the replacement APIs to realise the benefits of Carbon Black Cloud improvements and to ensure there is no impact when APIs are deactivated.

Deprecated APIs Replacement API Migration Guide Deprecated Date Targeted Deactivation Date
Devices v3 REST API Devices API N/A August, 2020 July 31, 2024
Enriched Events Search API v1 v2 Observations API Observations Migration July 2023 July 31, 2024
Live Response v3 API Live Response v6 API Live Response Migration April, 2021 July 31, 2024
Policy v3 API Policy Service API Policy Migration June 2022 July 31, 2024
Notifications v3 API Alerts v7 API or
Data Forwarder - Alert Schema 2.0.0
Notifications Migration September 2023 October 31, 2024
Access Level Type: API Custom API Access Level See the migration guides for APIs being called with this Access Level type June, 2023 October 31, 2024
Access Level Type: LIVE_RESPONSE Custom API Access Level See the migration guides for APIs being called with this Access Level type June, 2023 October 31, 2024

Deactivated

Deactivated APIs are no longer available.

Deactivated APIs Replacement API Migration Guide Deprecated Date Deactivation Date
Process Search v3 REST API Processes Search API N/A August, 2020 January 31st, 2022
Events v3 REST API Enriched Event Search API Events v3 Migration Guide August, 2020 January 31st, 2022
Alerts v3 REST API Alerts API Alerts v3 Migration Guide August, 2020 January 31st, 2022

Please contact us if you have any questions or concerns about these changes.

Integrations

See our latest integrations that utilize the APIs to enhance customer workflows.

Name Description Version Release Date Supported Products
CBC Python SDK Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. 1.5.1 2024-01-30 Platform
Workload
Enterprise EDR
Endpoint Standard
Audit and Remediation
Data Forwarder Built in to the Carbon Black Cloud platform; Delivers Alert, Event and Watchlist Hit data to an AWS S3 bucket, ready for consumption by third-party solutions. N/A 2020 Platform
Workload
Enterprise EDR
Endpoint Standard
QRadar App Configures a connection in QRadar to ingest alerts, audit logs, and events from Carbon Black Cloud using the Data Forwarder and APIs into IBM QRadar. Actions such as quarantining devices and adding IOCs to watchlists can be initiated in QRadar to take effect in Carbon Black Cloud. 2.2.0 2023-05-03 Platform
Workload
Enterprise EDR
Endpoint Standard
Service Now:
ITSM App
SecOps App
Vulnerability Response (VR) App
Ingest Alerts and Vulnerabilities from Carbon Black Cloud to Service Now and automatically create Service Now incidents to track the resolution. A large set of actions such as quarantining devices are available to be initiated in ServiceNow and take effect in Carbon Black Cloud. ITSM App: 3.0.0
SecOps App: 3.0.0
VR: 2.0.0
2024-03 Platform
Workload
Enterprise EDR
Endpoint Standard
Splunk App Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. 1.1.10 2023-08-17 Platform
Workload
Enterprise EDR
Endpoint Standard
Audit and Remediation
Syslog Connector Lets administrators forward alerts and audit logs from their Carbon Black Cloud instance to local, on-premise systems. 2.0.1 2023-11-01 Platform
Enterprise EDR
Endpoint Standard
Zscaler Sandbox Connector Scans files from Carbon Black Cloud Endpoint Standard or Enterprise EDR that come through the network before they reach the endpoint. 1.1 2021-12-06 Enterprise EDR
Endpoint Standard

Give Feedback

New survey coming soon!


Last modified on September 21, 2023