Processes Search API
The GET Process Search Validation endpoint has been deprecated and replaced by a POST endpoint . Please use the POST Process Search Validation v2 instead.
This endpoint will be deactivated on September 5, 2024.
The Search Suggestions v1 endpoint has been deprecated and replaced by the v2 endpoint . Please use the Process Search Suggestion v2 instead.
This endpoint will be deactivated on September 5, 2024.
Calls for Processes
The following calls search on and return processes.
Process Search Suggestions (v1)
Returns suggestions for a process search selected from fields and values as reported in the organization’s system. Will return values for the specified field if at least one character follows the colon. Returns null if no characters follow the colon.
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | org.search.events |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Search:org.Events:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/api/investigate/v1/orgs/{org_key}/processes/search_suggestions
Query Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
suggest.q REQUIRED
|
Query to generate suggestions for | String | N/A |
suggest.count |
Number of suggestions to return | Integer | Default: 50 |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully suggested process search fields | application/json | View example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-eap01.conferdeploy.net/api/investigate/v1/orgs/ABCD1234/processes/search_suggestions?suggest.q=process_cmd&suggest.count=1
Response
{
"suggestions": [
{
"term": "process_name",
"weight": 2800,
"required_skus_all": [],
"required_skus_some": [
"threathunter",
"defense"
]
}
]
}Process Search Validation (v1)
Validates a given process query and potentially gives suggestions on how to fix invalid queries.
API Permissions Required
| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | org.search.events |
READ |
Majority of environments |
| VMware Cloud Services Platform | _API.Search:org.Events:read |
N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/api/investigate/v1/orgs/{org_key}/processes/search_validation
Query Schema
| Field | Definition | Data Type | Values |
|---|---|---|---|
q REQUIRED
|
Keeping this parameter as *:* allows you to query everything |
String | N/A |
cb.min_backend_timestamp |
Start time for the query | Integer | Epoch timestamp in milliseconds
Default: 0 |
cb.max_backend_timestamp |
End time for the query | Integer | Epoch timestamp in milliseconds |
Response
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully validated process search | application/json | View example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |
Example
Request
GET https://defense-eap01.conferdeploy.net/api/investigate/v1/orgs/ABCD1234/processes/search_validation?q=process
Response
{
"valid": true,
"value_search_query": true
}Last modified on April 11, 2023