Environment

• Carbon Black Cloud Console: All Versions
  • Audit and Remediation (CB LiveOps)
  • Enterprise EDR (CB ThreatHunter)
  • Managed Detection (CB ThreatSight)
  • Endpoint Standard (CB Defense)
  • Endpoint Advanced (CB Defense + CB LiveOps)
  • Endpoint Enterprise (CB Defense + CB LiveOps + CB ThreatHunter)
• Machine able to run cURL commands

Objective

Resolution

1. Create API Key
   1. Log into Console
   2. Go to Settings > API Keys
   3. Copy Org ID (top-left, <OrgID> below)
   4. Click 'Add API Key' button
   5. 'Add API Key' modal/pop-up appears
   6. Enter name for easy identification

      Example: General_Export_From_Console

   7. Set Access Level

      Access level: Custom
      Custom access level: View All
      
      *Warning message can be ignored:
      This permission set may contain unversioned APIs. Visit developer.carbonblack.com for all currently supported/versioned APIs.

   8. Enter Description as desired
   9. Click 'Save'
   10. Copy API credentials displayed (<API_ID>, <API_Secret_Key> below)
2. Export Admin Users
   1. Log into machine able to run cURL
   2. Run the API call to export the data

      curl -H X-Auth-Token:<API_Secret_Key>/<API_ID> https://<Dashboard_URL>/access/v2/orgs/psc:org:<OrgKey>/roles

   3. Save data to file as desired

Additional Notes

• The API above is an unofficial and unsupported API which is used to populate information for the Console UI and is not supported for use as a standalone API
• Being an unsupported API means the specified route/endpoint could be changed at any point and without notice
• For ease of use, there are a number of options available online to convert JSON files to CSV using Python, Java, etc.

Related Content