Skip to main content

Carbon Black Endpoint Standard Event Collector

This Integration is part of the Carbon Black Endpoint Standard Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Endpoint Standard (formerly called Carbon Black Defense), a Next-Generation Anti-Virus + EDR. Collect Anti-Virus & EDR alerts and Audit Log Events.

This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.

Configure Carbon Black Endpoint Standard Event Collector on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Carbon Black Endpoint Standard Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    Server URLTrue
    API IDThe API Key to use for connectionTrue
    API Secret KeyTrue
    Organization KeyTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Include Audit LogsFalse
    Maximum number of alerts per fetchDefault 100,000.False
    Maximum number of audit logs per fetchDefault 25,000.False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Fetch alerts and audit logs from Carbon Black Endpoint Standard.

Base Command#



Argument NameDescriptionRequired
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display the events. Possible values are: true, false. Default is false.Required
alerts_limitThe maximum number of alerts to return (maximum value - 100000). Default is 10000.Optional
audit_logs_limitThe maximum number of audit logs to return (maximum value - 25000). Default is 2500.Optional

Context Output#

There is no context output for this command.