Supported Cortex XSOAR versions: 6.10.0 and later.
Endpoint Standard (formerly called Carbon Black Defense), a Next-Generation Anti-Virus + EDR. Collect Anti-Virus & EDR alerts and Audit Log Events.
Navigate to Settings > Integrations > Servers & Services.
Search for Carbon Black Endpoint Standard Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL True API ID The API Key to use for connection True API Secret Key True Organization Key True Trust any certificate (not secure) False Use system proxy settings False Include Audit Logs False Maximum number of alerts per fetch Default 100,000. False Maximum number of audit logs per fetch Default 25,000. False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Fetch alerts and audit logs from Carbon Black Endpoint Standard.
|Set this argument to True in order to create events, otherwise the command will only display the events. Possible values are: true, false. Default is false.
|The maximum number of alerts to return (maximum value - 100000). Default is 10000.
|The maximum number of audit logs to return (maximum value - 25000). Default is 2500.
There is no context output for this command.