Carbon Black EDR (Endpoint Detection and Response) is the new name for the product formerly called CB Response.| developer.carbonblack.com
Overview When Endpoint Standard is first deployed to an environment, Policy configurations can be tuned more quickly by accepting Carbon Black Cloud Recommendations rather than by investigating endpoint activity ad-hoc and manually configuring CBC Policies in response to that investigation. A “Recommendation” is a Reputation Override which you may choose to apply to improve your Policies' efficacy. With this API, you can get Recommendations, manage their workflow state, or apply them as a...| References on Carbon Black Developer Network
Overview Carbon Black Threat Intel APIs provide real-time security context for any file hash, domain, or IP address. This information includes reputation, threat name, prevalence, age, industry, geography, and related indicators to enable analysts to make quick, informed decisions when investigating and responding to threats. Key Features Data Related APIs that provide related file or network information like an array of related filenames or network indicators for a given file sha256 or n...| References on Carbon Black Developer Network
Overview Trusted Automated Exchange of Intelligence Information, or TAXII, is a protocol used to exchange CTI (Cyber Threat Intelligence) data over HTTPS. TAXII enables organizations to share CTI by defining an API that aligns with common sharing models and is specifically designed to support the exchange of CTI represented in STIX format. Structured Threat Information eXpression, or STIX, is a language format used to exchange CTI. STIX represents the feed that will typically show indicator obj...| References on Carbon Black Developer Network
The VMware Carbon Black EDR App for IBM QRadar lets administrators leverage an industry-leading, EDR (Endpoint Detection and Response) solution to detect risk and take action on endpoint activity from the QRadar console. With this app, you can access many of the powerful features of Carbon Black EDR, including process searches, endpoint isolation and system status alongside QRadar’s capabilities. Download version 2.0.0 (released August 2021) from the IBM App Exchange.| References on Carbon Black Developer Network
The endpoint.event schema version 1.1.0 has been deprecated and replaced by version 1.2.0. The Carbon Black Cloud Endpoint Event Schema has been updated to version 1.1.0! New in 1.1.0 XDR Data - VMware Carbon Black Extended Detection and Response (XDR) greatly enhances security detections by reporting on network telemetry at the sensor level to detect lateral security movement across your fleet. Security teams can leverage VMware Carbon Black XDR to quickly identify threats across their envir...| References on Carbon Black Developer Network
• Event type: endpoint.event.procstart| developer.carbonblack.com
The alert schema version 2.0.0 has been deprecated and replaced by version 2.1.0. Introduction The following tables list the fields that can be included in an alert record for each alert type generated by the Carbon Black Cloud. This Data Forwarder Schema (v2.0.0) is aligned with the Alerts v7 API schema. Fields in the Schema section are included with most alert types and the exceptions are annotated. Alert types that are emitted from the Data Forwarder are dependent on the features you have ...| References on Carbon Black Developer Network
Introduction The following tables list the fields that can be included in an alert record for each alert type generated by the Carbon Black Cloud. This Data Forwarder Schema (v2.1.0) is aligned with the Alerts v7 API schema. Fields in the Schema section are included with most alert types and the exceptions are annotated. Alert types that are emitted from the Data Forwarder are dependent on the features you have enabled in Carbon Black Cloud.| References on Carbon Black Developer Network
Carbon Black Cloud Enterprise EDR (Endpoint Detection and Response) is the new name for the product formerly called CB ThreatHunter.| developer.carbonblack.com
You can now find Carbon Black Cloud Binary Toolkit in the User Guide.| Carbon Black Developer Network
You can now find Carbon Black Cloud Threat Intelligence Connector in the User Guide.| Carbon Black Developer Network
Command Body| developer.carbonblack.com
Carbon Black App Control is the new name for the product formerly called CB Protection. The Carbon Black App Control REST API provides a REST based interface to view, search, and control everything on the Carbon Black App Control server. The following resources are available: The App Control API reference The Python API bindings| References on Carbon Black Developer Network
Introduction| developer.carbonblack.com
As of January 2020, we have renamed all Carbon Black products.| developer.carbonblack.com
Version: v2 | developer.carbonblack.com
This API will be deactivated on September 5, 2024.| developer.carbonblack.com
Carbon Black Cloud Endpoint Standard is the new name for the product formerly called CB Defense.| developer.carbonblack.com
Platform| developer.carbonblack.com
Forward Alerts to an S3 Bucket| developer.carbonblack.com
Version: API v7 | developer.carbonblack.com
For VMware Carbon Black Cloud™ customers who use VMware Cloud Services Platform for Identity and Access Management,| developer.carbonblack.com
The Carbon Black Cloud Endpoint Event Schema has been updated to version 1.1.0!| developer.carbonblack.com
Overview This is to assist in migrating integrations from integrationServices/v3/auditlogs API to Audit Logs API. In this document, you will find Brief overview of the key differences and new features with the Audit Log API A mapping of deprecated v3 Audit Log API endpoint to related new Audit Log endpoint including schema changes Guides and Resources Audit Log API Documentation After migrating, learn how to increase security by removing unused API keys.| References on Carbon Black Developer Network
The integrationServices/v3/notification API will be deactivated on October 31, 2024.| developer.carbonblack.com
DEPRECATED This integration is deprecated and no longer maintained. This is an integration between Zscaler’s ZIA Sandbox and VMware Carbon Black Cloud (CBC) Endpoint Standard and CBC Enterprise EDR. While Zscaler can scan all files before they reach the endpoint if they come through the network, what happens when a file comes in via another method, or prior to sensor installation? V1.1 of this connector was released in Dec 2021.| References on Carbon Black Developer Network
Overview The VMware Carbon Black Cloud App for Splunk is a single application to integrate your endpoint and workload security features and telemetry directly into Splunk dashboards, workflows and alert streams. This application connects with any Carbon Black Cloud offering and replaces the existing product-specific Carbon Black Cloud apps for Splunk. This app provides a unified solution to integrate Carbon Black Cloud Endpoint and Workload offerings with Splunk Enterprise, Splunk Cloud, and ...| References on Carbon Black Developer Network
Overview| developer.carbonblack.com
Overview The VMware Carbon Black Cloud App for Splunk SOAR allows administrators and security analysts to leverage the industry leading cloud-based, next generation, anti-virus solution to prevent malware and non-malware attacks. It gives them access to the alerts through the REST API and provides a set of actions that enable them to orchestrate and automate complex tasks within the enterprise environment. The Carbon Black Cloud App for Splunk SOAR contains 42 SOAR actions.| References on Carbon Black Developer Network
Overview ServiceNow is a platform that provides workflow automation for a variety of operational and management use cases primarily targeting IT and security teams. Integrating telemetry and response actions from the Carbon Black Cloud into ServiceNow streamlines security processes by providing built-in endpoint context and response actions within a single pane of glass. With full incident management capabilities and long term record keeping, security teams leveraging the Carbon Black Cloud A...| References on Carbon Black Developer Network
Please see Setting up ServiceNow Apps and Users.| References on Carbon Black Developer Network
Please see Troubleshooting ServiceNow Apps.| References on Carbon Black Developer Network
Document Release Date Splunk App v2.0.0 January, 2024 - Installation & Configuration Guide - Troubleshooting - User Guide| References on Carbon Black Developer Network
For the latest information on Playbooks, please see Set up Carbon Black Cloud Playbooks for Splunk SOAR.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SIEM Release Notes.| References on Carbon Black Developer Network
The VMware Carbon Black Cloud App for Splunk is a single application to integrate your endpoint and workload security features and telemetry directly into Splunk dashboards, workflows and alert streams. This application connects with any Carbon Black Cloud offering and replaces the existing product-specific Carbon Black Cloud apps for Splunk. This app provides a unified solution to integrate Carbon Black Cloud Endpoint and Workload offerings with Splunk Enterprise, Splunk Cloud, and Splunk En...| References on Carbon Black Developer Network
Frequently Asked Questions What features are included with the new Splunk app? For the full list of features available in the current version of the app, view the details on SplunkBase. Highlights of the features in this app: Data Inputs Support for high volume, low latency Alerts, Endpoint Events and Watchlist Hits via the Data Forwarder Support for Alerts, Audit Logs, Live Query Results, Vulnerability Assessment data and Auth Events via a built-in input using the Carbon Black Cloud APIs Sup...| References on Carbon Black Developer Network
Initial Application Configuration VMware Carbon Black Cloud is configured from the Application Configuration menu option under the Administration menu. VMware Base Configuration The options configured on this tab will update settings in local/eventtypes.conf. VMware Base Index: specifies where the Carbon Black Cloud data will be indexed and searched. Required on the searching tier. VMware Action Index: specifies where outputs generated from alert actions will be stored and/or searched.| References on Carbon Black Developer Network
Please see Deploying and Configuring Carbon Black Cloud App for Splunk SIEM.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SIEM.| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the Carbon Black Cloud Splunk App v1.x.y will be decommissioned causing some features to no longer function. Migrate to the Carbon Black Cloud App for Splunk v2.a.b (https://splunkbase.splunk.com/app/5332) prior to July 31st, 2024 Document Release Date Splunk App v1.1.1 August, 2023 - Installation & Configuration Guide - Troubleshooting - User Guide Splunk App v2.| References on Carbon Black Developer Network
Please see FAQ and Troubleshooting.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SOAR.| References on Carbon Black Developer Network
Please see Carbon Black Cloud App for Splunk SOAR Release Notes.| References on Carbon Black Developer Network
Please see Using Vulnerability Response App with ServiceNow.| References on Carbon Black Developer Network
This is for deprecated App Versions; SecOps v2.1.0, ITSM v2.1.0, VR v1.1.0. Please see the latest Installation and Configuration Guide for current versions of the apps. Overview To integrate Carbon Black Cloud and ServiceNow, there are three apps available for different use cases. To manage security incidents, there is a SecOps App and an ITSM App; these have the same functionality and the choice is determined by whether you have the SecOps or ITSM ServiceNow module.| References on Carbon Black Developer Network
Troubleshooting Verify the Carbon Black Cloud URL • Solution: The URL in the configuration must be the Carbon Black Cloud Hostname from the Authentication Page or the URL when you are logged in to the Carbon Black Cloud console. For example, https://dashboard.confer.net For any errors, check Application Logs • Solution: If you experience any errors, check the application logs to get information about the error and how to resolve it.| References on Carbon Black Developer Network
Overview Depending on what features you have with ServiceNow, Carbon Black offers two main Integration apps: ITSM App: When an alert occurs in Carbon Black Cloud, create a ticket in ServiceNow. The VMware Carbon Black Cloud integration with the ServiceNow IT service management (ITSM) module provides endpoint device context and metadata within tickets to streamline IT workflows and reduce manual data collection. SecOps App: When an alert occurs in Carbon Black Cloud, create an incident in ...| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the following Carbon Black Cloud ServiceNow App versions will be decommissioned causing some features to no longer function. Update to the latest Carbon Black Cloud App for ServiceNow prior to July 31st, 2024 App Deprecated Version Deprecation Date Current Version for Download VMware Carbon Black Cloud for IT Service Management 2.x and earlier March 2024 v3.| References on Carbon Black Developer Network
Overview The VMware Carbon Black ServiceNow Vulnerability Response Application ingests vulnerabilities from the VMware Carbon Black Cloud platform. A Vulnerable Item is created from this fetched vulnerability and the configuration item. Vulnerabilities are retrieved from the Carbon Black Cloud platform when the Vulnerability Response app has an active configuration profile. For the most complete information about endpoints, configuration items in ServiceNow, enable Asset Inventory Ingesti...| References on Carbon Black Developer Network
Requirements Access to Carbon Black Cloud IBM QRadar version 7.4.3 patch level 8 or later / 7.5.0 update pack 3 or later Quick Links Installing & Configuring the App Log Source Setup Using the App Upgrading the app Download the app Release Notes Troubleshooting App Errors Frequently Asked questions Information on Previous Versions v2.1.1 Getting Started This guide describes:| References on Carbon Black Developer Network
Document Release Date Installation & User Guide v2.2.0 v2.2.1 February 2024 Troubleshooting v2.2.0 v2.2.1 February 2024| References on Carbon Black Developer Network
Summary The goal of this document is to list the most common integration use cases for a SOAR (Security Orchestration, Automation, and Response). While many of the use cases are security focused, there is overlap into the IT Operations space as well. Authentication All API requests can be performed on the hostname URLs specified per environment; see Construct your Request in the Authentication guide. There is no longer a need to use api- URLs for any Carbon Black Cloud APIs.| References on Carbon Black Developer Network
Overview This document outlines the steps for configuring a Carbon Black Cloud Data Forwarder with either an AWS S3 bucket or Azure blob storage. The following table shows which data types can be forwarded to each storage option. Data Forwarder Type AWS S3 Bucket Azure Blob Storage Alert Yes Yes Endpoint Event Yes No Watchlist Hit Yes Yes Requirements Carbon Black Cloud Console Account with Amazon Simple Storage Service (Amazon S3) or Azure Blob Storage Guides and Resources Carbon Black Cloud...| References on Carbon Black Developer Network
As of July 31st, 2024 the APIs supporting the Carbon Black Cloud Splunk App v1.x.y will be decommissioned causing some features to no longer function. Migrate to the Carbon Black Cloud App for Splunk v2.a.b (https://splunkbase.splunk.com/app/5332) prior to July 31st, 2024 Document Release Date Splunk App v1.1.1 August, 2023 - Installation & Configuration Guide - Troubleshooting - User Guide| References on Carbon Black Developer Network
Frequently Asked Questions 1. How do I know if the app is connected to the Carbon Black Cloud? • The "Last Contact" field under Settings Data should contain a current timestamp within the span of the configured "Polling Interval". In this example, the timestamp should be updated every 60 seconds. • If you go to Settings Configuration requests are triggered to check the validity.| References on Carbon Black Developer Network
Through our investment in APIs and integrations we aim to provide customers and partners with the core capabilities of the Carbon Black Cloud, securely and flexibly integrated within their security stack. To do so, we’re launching a new workflow featuring Custom Access Levels for API Keys, which allows customers to apply access controls and create least-privileged API keys. This workflow will help us deliver more value through API Keys with a new set of API points to manage alerts and endpo...| References on Carbon Black Developer Network