Carbon Black Endpoint Standard Event Collector
This Integration is part of the Carbon Black Endpoint Standard Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
Endpoint Standard (formerly called Carbon Black Defense), a Next-Generation Anti-Virus + EDR. Collect Anti-Virus & EDR alerts and Audit Log Events.
This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.
Configure Carbon Black Endpoint Standard Event Collector on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Carbon Black Endpoint Standard Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL True API ID The API Key to use for connection True API Secret Key True Organization Key True Trust any certificate (not secure) False Use system proxy settings False Include Audit Logs False Maximum number of alerts per fetch Default 100,000. False Maximum number of audit logs per fetch Default 25,000. False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
carbonblack-endpoint-standard-get-events#
Fetch alerts and audit logs from Carbon Black Endpoint Standard.
Base Command#
carbonblack-endpoint-standard-get-events
Input#
| Argument Name | Description | Required |
|---|---|---|
| should_push_events | Set this argument to True in order to create events, otherwise the command will only display the events. Possible values are: true, false. Default is false. | Required |
| alerts_limit | The maximum number of alerts to return (maximum value - 100000). Default is 10000. | Optional |
| audit_logs_limit | The maximum number of audit logs to return (maximum value - 25000). Default is 2500. | Optional |
Context Output#
There is no context output for this command.