Platform APIs and Integrations
Overview
Platform APIs provide access to core Carbon Black Cloud capabilities that are common across multiple modules. They include functionality such as searching for Alerts, Devices, Processes and managing policy settings.
The data returned by an API will differ depending on the modules deployed in your environment; for example, the Alerts API will generate Watchlist Alerts for Enterprise EDR customers and CB Analytics Alerts for Endpoint Standard customers.
Platform APIs are available to all Carbon Black Cloud customers. These platform-level APIs are augmented by product-specific APIs.
Getting Started
Authentication
Carbon Black Cloud APIs and Services are authenticated via API Keys. To access Carbon Black Cloud data via API, you must set up Access Levels and API Keys in the Carbon Black Cloud Console. For more information, see Authentication.
Resources
- Guides for additional context beyond what the API documentation defines
- Postman Collection
- Python SDK
- Examples and Tools
- Integrations
Guides
See our latest guides for additional context beyond what the API documentation defines.
All Documents
Latest
Document | Release Date |
---|---|
Access Profiles and Grants API v2 | May, 2021 |
Alerts API v7 | April, 2023 |
Asset Groups API v1 | Nov, 2023 |
Audit Logs API v1 | Mar, 2024 |
Devices API v6 | February, 2020 |
Data Forwarder API v2 | November, 2021 |
Data Forwarder Fields v1 | November, 2021 |
Job Service API v1 | May, 2020 |
Live Response API v6 | April, 2021 |
Network Threat Metadata API v1 | March, 2023 |
Observations API v2 | March, 2023 |
Policy Service API v1 | April, 2022 |
Processes Search API v1 v2 | October, 2020 |
Reputation Overrides API v6 | June, 2021 |
Script Deobfuscation API v2 | July, 2023 |
Sensor Update Services API v3 | August, 2023 |
Search Fields - Alerts v7 | April, 2023 |
Search Fields - Investigate v2: Processes, Observations, Auth Events and Enriched Event Searches | March 2023 |
User Management API v6 | May, 2021 |
Vulnerability Assessment v1 | August, 2021 |
Note: Enriched Events Search API has moved under Endpoint Standard as this API is only available for customers with Endpoint Standard enabled. See Endpoint Standard.
Note: This was initially released under the internal name Reveal and updated shortly after to Script Deobfuscation API.
Deprecated
Document | Deprecated Date | Targeted Deactivation Date |
---|---|---|
Devices v3 API (Previously Endpoint Standard) | September, 2019 | September 5, 2024 |
Live Response API | April, 2021 | September 5, 2024 |
Data Forwarder Configuration API v1 | November, 2021 | October 31, 2024 |
Process Search - Get Process Search Validation | April 2023 | September 5, 2024 |
Alerts API v6 | April 2023 | September 5, 2024 |
Sensor Update Services API v2 | June, 2023 | September 5, 2024 |
Access Level Type: API | June, 2023 | October 31, 2024 |
Access Level Type: LIVE_RESPONSE | June, 2023 | October 31, 2024 |
Deactivated
Document | Deprecated Date | Deactivated Date |
---|---|---|
Alerts v3 API (Previously Endpoint Standard) | September, 2019 | January 31st, 2022 |
Integrations
See our latest integrations that utilize Carbon Black Cloud APIs to enhance customer workflows.
Name | Description | Version | Release Date | Supported Products |
---|---|---|---|---|
CBC Python SDK | Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. | 1.5.6 | 2024-07-26 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
Data Forwarder | Built into the Carbon Black Cloud platform; delivers Alert, Event and Watchlist Hit data to an AWS S3 bucket, ready for consumption by third-party solutions. | N/A | 2020 | Platform Workload Enterprise EDR Endpoint Standard |
QRadar App | Configures a connection in QRadar to ingest alerts, audit logs, and events from Carbon Black Cloud using the Data Forwarder and APIs into IBM QRadar. Actions such as quarantining devices and adding IOCs to watchlists can be initiated in QRadar to take effect in Carbon Black Cloud. | 2.3.0 | 2024-06-05 | Platform Workload Enterprise EDR Endpoint Standard |
Service Now: ITSM App, SecOps App, Vulnerability Response (VR) App | Ingest Alerts and Vulnerabilities from Carbon Black Cloud to Service Now and automatically create Service Now incidents to track the resolution. A large set of actions such as quarantining devices are available to be initiated in ServiceNow and take effect in Carbon Black Cloud. | ITSM App: 3.0.0, SecOps App: 3.0.0, VR: 2.0.0 | 2024-03 | Platform Workload Enterprise EDR Endpoint Standard |
Splunk SIEM App | Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. | 2.2.x | 2023-08-17 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
Splunk SOAR App | Configures a connection in Splunk SOAR to ingest alerts from Carbon Black Cloud using the REST APIs. Actions can be initiated in Splunk SOAR to take effect in Carbon Black Cloud. | 2.0.0 | 2024-02-12 | Platform Enterprise EDR Endpoint Standard Audit and Remediation |
Syslog Connector | Lets administrators forward alerts and audit logs from their Carbon Black Cloud instance to local, on-premise systems. | 2.0.3 | 2024-03-25 | Platform Enterprise EDR Endpoint Standard |
DEPRECATED Zscaler Sandbox Connector | This integration is deprecated and no longer maintained. Scans files from Carbon Black Cloud Endpoint Standard or Enterprise EDR that come through the network before they reach the endpoint. | 1.1 | 2021-12-06 | Enterprise EDR Endpoint Standard |
Last modified on March 12, 2024