CBAPI SDK to Carbon Black Cloud Python SDK (CBC SDK) Migration
APIs used by CBAPI were deactivated September & October 2024.
The Carbon Black Cloud portion of CBAPI has moved to Carbon Black Cloud Python SDK on GitHub. All development and bug fixes for Carbon Black Cloud will be made there. Carbon Black EDR and App Control will remain supported in CBAPI.
Overview
This guide will help you migrate from CBAPI to the Carbon Black Cloud Python SDK.
This is necessary to take advantage of new functionality in Carbon Black Cloud and also to ensure that functionality is not lost from your integrations after the APIs were deactivated.
Guides and Resources
- Porting Guide - CBAPI to Carbon Black Cloud Python SDK (CBC SDK)
- API Migration Guides
- Carbon Black Cloud Python SDK
Impacted APIs
These guides provide more details on the APIs that are being deactivated. If you update to the Carbon Black Cloud SDK using the
Porting Guide you may not need all the details provide in API specific guides.
If you did not update prior to deactivation of one or more APIs
You will see failures in logging, most commonly a 410 GONE or 404 NOT FOUND response from the API route.
Follow the Migration and Porting Guides in the previous sections.
Summary of Changes
For full details including changes to packages, folder structure and functional changes, see the Porting Guide on ReadTheDocs.
| CBAPI module | Replacement CBC SDK Module | Summary of Change | More Information |
|---|---|---|---|
| cbapi.psc.defense Event | cbc_sdk.platform Observation | This was deactivated in January 2021. | Review the Carbon Black Cloud User Guide to learn more about Observations and how to use them in your integration. |
| cbapi.psc.defense Policy | cbc_sdk.platform Policy | A new service with rule configurations for features such such as Host Based Firewall and enabling XDR data collection replaces the legacy service. | |
| cbc_sdk.endpoint_standard EnrichedEvent | cbc_sdk.platform Observation | Expanded availability to Enterprise EDR subscribers as well as Endpoint Standard subscribers. | |
| cbc_sdk.platform Alert | Module path is unchanged. | In SDK 1.5.0 the Alert module was updated to use the new Alert v7 API. A lot of new metadata about an alert is included in the response and in many cases a follow-up request for details such as process command line will not be needed because the information is in the Alert response. | Alert Migration Guide |
| SIEM Notifications - cbc_sdk.rest_api CBCloudAPI get_notifications() | cbc_sdk.platform Alert or Alert Data Forwarder | The Notification API was deactivated October 2024. The Alert v7 API and Data Forwarder Alert Schema v2 provide significantly more information. | |
| Live Response | Module path is unchanged. | The API key changes from using a Access Level type LIVE_RESPONSE to one of Custom and has fine grained permissions. Changes to some request and response field names. |
Live Response Migration Guide |
Last modified on March 21, 2025