Overview Carbon Black Threat Intel APIs provide real-time security context for any file hash, domain, or IP address. This information includes reputation, threat name, prevalence, age, industry, geography, and related indicators to enable analysts to make quick, informed decisions when investigating and responding to threats. Key Features Data Related APIs that provide related file or network information like an array of related filenames or network indicators for a given file sha256 or n...| References on Carbon Black Developer Network
Overview Trusted Automated Exchange of Intelligence Information, or TAXII, is a protocol used to exchange CTI (Cyber Threat Intelligence) data over HTTPS. TAXII enables organizations to share CTI by defining an API that aligns with common sharing models and is specifically designed to support the exchange of CTI represented in STIX format. Structured Threat Information eXpression, or STIX, is a language format used to exchange CTI. STIX represents the feed that will typically show indicator obj...| References on Carbon Black Developer Network
• Event type: endpoint.event.procstart| developer.carbonblack.com
Introduction The following tables list the fields that can be included in an alert record for each alert type generated by the Carbon Black Cloud. This Data Forwarder Schema (v2.1.0) is aligned with the Alerts v7 API schema. Fields in the Schema section are included with most alert types and the exceptions are annotated. Alert types that are emitted from the Data Forwarder are dependent on the features you have enabled in Carbon Black Cloud.| References on Carbon Black Developer Network
Carbon Black Cloud Enterprise EDR (Endpoint Detection and Response) is the new name for the product formerly called CB ThreatHunter.| developer.carbonblack.com
You can now find Carbon Black Cloud Binary Toolkit in the User Guide.| Carbon Black Developer Network
You can now find Carbon Black Cloud Threat Intelligence Connector in the User Guide.| Carbon Black Developer Network
Command Body| developer.carbonblack.com
As of January 2020, we have renamed all Carbon Black products.| developer.carbonblack.com
Carbon Black Cloud Endpoint Standard is the new name for the product formerly called CB Defense.| developer.carbonblack.com
Overview This guide assists in migrating integrations from the integrationServices/v3/auditlogs API to the Audit Logs API. In this document, you will find: a brief overview of the key differences and new features of the Audit Log API; and a mapping of the deprecated v3 Audit Log API endpoint to the related new Audit Log endpoint, including schema changes. Guides and Resources: Audit Log API Documentation. After migrating, learn how to increase security by removing unused API keys.| References on Carbon Black Developer Network
DEPRECATED This integration is deprecated and no longer maintained. This is an integration between Zscaler’s ZIA Sandbox and VMware Carbon Black Cloud (CBC) Endpoint Standard and CBC Enterprise EDR. While Zscaler can scan all files before they reach the endpoint if they come through the network, what happens when a file comes in via another method, or prior to sensor installation? V1.1 of this connector was released in Dec 2021.| References on Carbon Black Developer Network
Overview The VMware Carbon Black Cloud App for Splunk is a single application to integrate your endpoint and workload security features and telemetry directly into Splunk dashboards, workflows and alert streams. This application connects with any Carbon Black Cloud offering and replaces the existing product-specific Carbon Black Cloud apps for Splunk. This app provides a unified solution to integrate Carbon Black Cloud Endpoint and Workload offerings with Splunk Enterprise, Splunk Cloud, and ...| References on Carbon Black Developer Network
Overview The VMware Carbon Black Cloud App for Splunk SOAR allows administrators and security analysts to leverage the industry leading cloud-based, next generation, anti-virus solution to prevent malware and non-malware attacks. It gives them access to the alerts through the REST API and provides a set of actions that enable them to orchestrate and automate complex tasks within the enterprise environment. The Carbon Black Cloud App for Splunk SOAR contains 42 SOAR actions.| References on Carbon Black Developer Network
Overview ServiceNow is a platform that provides workflow automation for a variety of operational and management use cases primarily targeting IT and security teams. Integrating telemetry and response actions from the Carbon Black Cloud into ServiceNow streamlines security processes by providing built-in endpoint context and response actions within a single pane of glass. With full incident management capabilities and long term record keeping, security teams leveraging the Carbon Black Cloud A...| References on Carbon Black Developer Network
Please see Setting up ServiceNow Apps and Users.| References on Carbon Black Developer Network
Please see Troubleshooting ServiceNow Apps.| References on Carbon Black Developer Network
Document Release Date Splunk App v2.0.0 January, 2024 - Installation & Configuration Guide - Troubleshooting - User Guide| References on Carbon Black Developer Network
For the latest information on Playbooks, please see Set up Carbon Black Cloud Playbooks for Splunk SOAR.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SIEM Release Notes.| References on Carbon Black Developer Network
Please see Deploying and Configuring Carbon Black Cloud App for Splunk SIEM.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SIEM.| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the Carbon Black Cloud Splunk App v1.x.y will be decommissioned causing some features to no longer function. Migrate to the Carbon Black Cloud App for Splunk v2.a.b (https://splunkbase.splunk.com/app/5332) prior to July 31st, 2024 Document Release Date Splunk App v1.1.1 August, 2023 - Installation & Configuration Guide - Troubleshooting - User Guide Splunk App v2.| References on Carbon Black Developer Network
Please see FAQ and Troubleshooting.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SOAR.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SOAR Release Notes.| References on Carbon Black Developer Network
Please see Using Vulnerability Response App with ServiceNow.| References on Carbon Black Developer Network
This is for deprecated App Versions; SecOps v2.1.0, ITSM v2.1.0, VR v1.1.0. Please see the latest Installation and Configuration Guide for current versions of the apps. Overview To integrate Carbon Black Cloud and ServiceNow, there are three apps available for different use cases. To manage security incidents, there is a SecOps App and an ITSM App; these have the same functionality and the choice is determined by whether you have the SecOps or ITSM ServiceNow module.| References on Carbon Black Developer Network
Troubleshooting Verify the Carbon Black Cloud URL • Solution: The URL in the configuration must be the Carbon Black Cloud Hostname from the Authentication Page or the URL when you are logged in to the Carbon Black Cloud console. For example, https://dashboard.confer.net For any errors, check Application Logs • Solution: If you experience any errors, check the application logs to get information about the error and how to resolve it.| References on Carbon Black Developer Network
Overview Depending on what features you have with ServiceNow, Carbon Black offers two main Integration apps: ITSM App: When an alert occurs in Carbon Black Cloud, create a ticket in ServiceNow. The VMware Carbon Black Cloud integration with the ServiceNow IT service management (ITSM) module provides endpoint device context and metadata within tickets to streamline IT workflows and reduce manual data collection. SecOps App: When an alert occurs in Carbon Black Cloud, create an incident in ...| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the following Carbon Black Cloud ServiceNow App versions will be decommissioned causing some features to no longer function. Update to the latest Carbon Black Cloud App for ServiceNow prior to July 31st, 2024 App Deprecated Version Deprecation Date Current Version for Download VMware Carbon Black Cloud for IT Service Management 2.x and earlier March 2024 v3.| References on Carbon Black Developer Network
Overview The VMware Carbon Black ServiceNow Vulnerability Response Application ingests vulnerabilities from the VMware Carbon Black Cloud platform. A Vulnerable Item is created from this fetched vulnerability and the configuration item. Vulnerabilities are retrieved from the Carbon Black Cloud platform when the Vulnerability Response app has an active configuration profile. For the most complete information about endpoints, configuration items in ServiceNow, enable Asset Inventory Ingesti...| References on Carbon Black Developer Network
Document Release Date Installation & User Guide v2.2.0 v2.2.1 February 2024 Troubleshooting v2.2.0 v2.2.1 February 2024| References on Carbon Black Developer Network
Summary The goal of this document is to list the most common integration use cases for a SOAR (Security Orchestration, Automation, and Response). While many of the use cases are security focused, there is overlap into the IT Operations space as well. Authentication All API requests can be performed on the hostname URLs specified per environment; see Construct your Request in the Authentication guide. There is no longer a need to use api- URLs for any Carbon Black Cloud APIs.| References on Carbon Black Developer Network
Overview This document outlines the steps for configuring a Carbon Black Cloud Data Forwarder with either an AWS S3 bucket or Azure blob storage. The following table shows which data types can be forwarded to each storage option. Data Forwarder Type (AWS S3 Bucket / Azure Blob Storage): Alert (Yes / Yes); Endpoint Event (Yes / No); Watchlist Hit (Yes / Yes). Requirements Carbon Black Cloud Console Account with Amazon Simple Storage Service (Amazon S3) or Azure Blob Storage Guides and Resources Carbon Black Cloud...| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the Carbon Black Cloud Splunk App v1.x.y will be decommissioned causing some features to no longer function. Migrate to the Carbon Black Cloud App for Splunk v2.a.b (https://splunkbase.splunk.com/app/5332) prior to July 31st, 2024 Document Release Date Splunk App v1.1.1 August, 2023 - Installation & Configuration Guide - Troubleshooting - User Guide| References on Carbon Black Developer Network
Through our investment in APIs and integrations we aim to provide customers and partners with the core capabilities of the Carbon Black Cloud, securely and flexibly integrated within their security stack. To do so, we’re launching a new workflow featuring Custom Access Levels for API Keys, which allows customers to apply access controls and create least-privileged API keys. This workflow will help us deliver more value through API Keys with a new set of API points to manage alerts and endpo...| References on Carbon Black Developer Network
Forward Alerts to an S3 Bucket| developer.carbonblack.com
This Quick Start guide follows a scenario for creating a folder on a remote endpoint and then uploading a file in it. The workflow steps are:| developer.carbonblack.com
Frequently Asked Questions • The "Last Contact" field under Settings > Data should contain a current timestamp within the span of the configured "Polling Interval". In this example, the timestamp should be updated every 60 seconds. • If you go to Settings > Configuration, requests are triggered to check the validity. If there is something wrong with the credentials, or the Device API or Alerts API at the current moment, validation errors will be shown. • Check that the API key is of ...| Carbon Black Developer Network
Overview The VMware Carbon Black Cloud App for IBM QRadar allows administrators to leverage the industry’s leading cloud-based, next-generation, anti-virus solution to prevent malware and non-malware attacks. This gives administrators access to the alerts, audit logs, and events exposed through the Data Forwarder and the Alerts and Audit Logs APIs for Carbon Black Cloud,...| Carbon Black Developer Network
Use Live Query to find files on a Windows system used for Dell Vulnerability DSA-2021-088. Look for a file called "dbutil_2_3.sys" in C:\Windows or C:\Users directories. Use this to determine which endpoints have a file associated with a Dell firmware vulnerability. The workflow steps are:| developer.carbonblack.com
Version: API v7 | developer.carbonblack.com
Version: v2 | developer.carbonblack.com