The Cb Defense Team is excited to announce our March update, introducing new integration functionality that modernizes our legacy APIs.
Carbon Black will be updating all customer environments through the remainder of this week.
The highlight of this release is a new API that enables you to query Cb Defense by Alert ID, returning all events associated with the Alert. This new API allows SOC analysts and SIEM integrations to automatically provide context around generated alerts. This additional context provides critical insight for root cause analysis, helping to pinpoint the exact events, identified by the Cb Defense Event Stream Processing engine, that led to the automatic detection or prevention of potential threats within your network.
Complementing this new API, we are also introducing RESTful versions of all existing Cb Defense APIs. We are performing these upgrades to provide a consistent interface across all Carbon Black products. Rest assured that all previous Cb Defense integrations and APIs have been preserved and are still fully functional.
RESTful APIs are a foundational capability across the Carbon Black portfolio, enabling a tremendous ecosystem of third-party integrations. With the introduction of RESTful APIs on Cb Defense, customers as well as our partner ecosystem gain consistency in their method of integrating and utilizing Cb Defense.
Seamless integration with third-party products reduces the time and complexity of identifying and responding to cyber threats. This is the power of Collective Defense and Carbon Black’s commitment to creating and extending its RESTful APIs.
All Cb Defense partners and customers will automatically receive access to the new API over the next week. For more information about this update, please review the release notes [https://community.carbonblack.com/docs/DOC-6372] or the in-product API documentation (Settings -> Connectors, then selecting the “Download” button and “API Specification”).