Carbon Black Endpoint Standard v3

Endpoint Standard is an industry-leading next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution. Endpoint Standard is delivered through the Carbon Black Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set.

Endpoint · Carbon Black Endpoint Standard

Configuration parameters

  • url — URL (required)
  • organization_key — Organization Key (required)
  • custom_credentials — Custom Api Key
  • live_response_credentials — Api Key (Api/Live Response key)
  • incidentType — Incident type
  • isFetch — Fetch incidents
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • type — The type of the alert
  • device_id — Device ID
  • policy_id — Policy ID
  • device_username — Device username
  • min_severity — Minimum severity
  • query — Query
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days).
  • max_fetch — Maximum number of incidents per fetch

Commands (26)

  • cbd-add-rule-to-policy

    Adds a new rule to an existing policy. Note: System policies cannot be modified.

  • cbd-alerts-search

    Gets alert details, including alert metadata and the event associated with the alert.

  • cbd-create-policy

    Creates a new policy on the CB Defense backend.

  • cbd-delete-policy

    Deletes a policy from the CB Defense backend. This may return an error if devices are actively assigned to the policy ID requested for deletion. Note: System policies cannot be deleted.

  • cbd-delete-rule-from-policy

    Removes a rule from an existing policy. Note: System policies cannot be modified.

  • cbd-device-background-scan

    Starts a background scan on the device. Not supported for devices in a Linux operating system.

  • cbd-device-background-scan-stop

    Stops a background scan on the device. Not supported for devices in a Linux operating system.

  • cbd-device-bypass

    Bypasses a device.

  • cbd-device-policy-update

    Updates the devices to the specified policy ID.

  • cbd-device-quarantine

    Quarantines the device. Not supported for devices in a Linux operating system.

  • cbd-device-search

    Searches devices in your organization.

  • cbd-device-unbypass

    Unbypasses a device.

  • cbd-device-unquarantine

    Unquarantines the device. Not supported for devices in a Linux operating system.

  • cbd-device-update-sensor-version

    Updates the version of a sensor.

  • cbd-find-observation

    Fetches Carbon Black events details based on specified parameters. Supports polling to wait for the search job completion.

  • cbd-find-observation-details

    Fetches Carbon Black events details based on specified parameters. Supports polling to wait for the search job completion.

  • cbd-find-observation-details-results

    Retrieves the search results using the specified job ID.

  • cbd-find-observation-results

    Retrieves the search results using the specified job ID.

  • cbd-find-processes

    Creates a process search job and retrieves the search results. At least one of the arguments (not including: rows, start, and time_range) is required.

  • cbd-find-processes-results

    Retrieves the search results using the specified job ID.

  • cbd-get-alert-details

    Gets alert details according to alert ID, including alert metadata and a list of all events associated with the alert. Only API keys of type “API” can call the alert API.

  • cbd-get-policies-summary

    Get an overview of the policies available in the organization.

  • cbd-get-policy

    Retrieves a policy object by ID.

  • cbd-set-policy

    Set existing policy's fields on the CB Defense backend.

  • cbd-update-policy

    Update an existing policy on the CB Defense backend.

  • cbd-update-rule-in-policy

    Updates an existing rule with a new rule. Note: System policies cannot be modified.