CBAPI SDK to Carbon Black Cloud Python SDK (CBC SDK) Migration
APIs used by CBAPI will be deactivated on September 5, 2024.
The Carbon Black Cloud portion of CBAPI has moved to Carbon Black Cloud Python SDK on GitHub. All development and bug fixes for Carbon Black Cloud will be made there. Carbon Black EDR and App Control will remain supported in CBAPI.
Overview
This guide will help you migrate from CBAPI to the Carbon Black Cloud Python SDK.
This is necessary to take advantage of new functionality in Carbon Black Cloud and also to ensure that functionality is not lost from your integrations when APIs are deactivated in July 2024.
Guides and Resources
- Porting Guide - CBAPI to Carbon Black Cloud Python SDK (CBC SDK)
- API Migration Guides
- Carbon Black Cloud Python SDK
Impacted APIs
These guides provide more details on the APIs that are being deactivated. If you update to the Carbon Black Cloud SDK using the
Porting Guide you may not need all the details
provide in API specific guides.
The following APIs are used in CBAPI and will be deactivated on July 31st 2024:
- Alerts v6 API - Migration Guide
- Live Response v3 API - Migration Guide
- Policy v3 API - Migration Guide
- Enriched Events API - Migration Guide
The following APIs are used in CBAPI and will be deactivated on October 31st 2024:
- Notifications v3 API - Migration Guide
If you did not update prior to July 31st 2024
You will see failures in logging, most commonly a 410 GONE response from the API.
Follow the Migration and Porting Guides in the previous sections.
Summary of Changes
For full details including changes to packages, folder structure and functional changes, see the Porting Guide on ReadTheDocs.
| CBAPI module | Replacement CBC SDK Module | Summary of Change | More Information |
|---|---|---|---|
| cbapi.psc.defense Event | cbc_sdk.platform Observation | This was deactivated in January 2021. | Review the Carbon Black Cloud User Guide to learn more about Observations and how to use them in your integration. |
| cbapi.psc.defense Policy | cbc_sdk.platform Policy | A new service with rule configurations for features such such as Host Based Firewall and enabling XDR data collection replaces the legacy service. | IntegrationServices Policy v3 API Migration |
| cbc_sdk.endpoint_standard EnrichedEvent | cbc_sdk.platform Observation | Expanded availability to Enterprise EDR subscribers as well as Endpoint Standard subscribers. | Enriched Events API Migration |
| cbc_sdk.platform Alert | Module path is unchanged. | In SDK 1.5.0 the Alert module was be updated to use the new Alert v7 API. A lot of new metadata about an alert is included in the response and in many cases a follow-up request for details such as process command line will not be needed because the information is in the Alert response. | Alert Migration Guide |
| SIEM Notifications - cbc_sdk.rest_api CBCloudAPI get_notifications() | cbc_sdk.platform Alert or Alert Data Forwarder | The Notification API will be deactivated on October 31, 2024. The Alert v7 API and Data Forwarder Alert Schema v2 provide significantly more information. | Notification Migration |
| Live Response | Module path is unchanged. | The API key changes from using a Access Level type LIVE_RESPONSE to one of Custom and has fine grained permissions. Changes to some request and response field names. |
Live Response Migration Guide |
| Audit Logs | cbc_sdk.platform AuditLog | The API key changes from using a Access Level type API to one of Custom. The previous module path remains in place for backwards compatibility. |
Audit Log Access Level Migration |
Last modified on June 3, 2024