How To Use Postman to Retrieve Carbon Black Data Via API

Article ID: 291377

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb ThreatHunter)

Issue/Introduction

Retrieve data available via the Carbon Black Cloud REST API using Postman.

Environment

  • Carbon Black Cloud: All Supported Versions
  • Postman Utility for Windows

Resolution

  1. Prepare the following:
a. Determine the API URL for your environment (e.g. https://defense-prod05.conferdeploy.net); see What URLs are used to access the APIs?
b. Determine the API to call (Alerts, Devices, etc.); see the Carbon Black Cloud REST API Reference
c. Obtain API credentials from the console (Settings → API Access) and note both the API ID and the API Secret Key
  2. Execute the query in Postman
a. Click the orange "New" button in the upper left-hand corner and choose Request
b. Name the request after the query it will run. For example, for devices use: /devices/_search (see the REST API Reference)
c. Create a collection in which to save the request, using a pertinent name, for example Carbon Black Cloud
d. Save the request
e. Select the HTTP method the API Reference lists for the endpoint and enter the full API path next to it (for example https://defense-prod05.conferdeploy.net/appservices/v6/orgs/ORG-KEY/devices/_search for the Devices API in PROD05, replacing ORG-KEY with your org key)
f. For a GET endpoint, enter the query parameters under the "Params" tab, one parameter per row. For a POST search endpoint such as the v6 /devices/_search, select "POST", set "Body" to raw JSON and enter the search criteria there (rows, start, query, etc.); see the Carbon Black Cloud REST API Reference
g. Under the "Headers" tab, add a new row with the key X-Auth-Token. Do not enter the token in the "Params" section: query-string values end up in the URL, where proxies, web server logs and browser history record them
h. Set the X-Auth-Token value to your Secret Key and API ID joined by a slash, as [API Secret Key]/[API ID], without brackets or spaces (see Carbon Black Cloud API Access, under "Creating an API Key", step 6)
i. Click the blue "Send" button to retrieve the data

Additional Information

  • As described above, query parameters belong under the "Params" tab (or, for a POST search endpoint, in the JSON "Body"), while the authorization token (X-Auth-Token) belongs under the "Headers" tab
  • There is a hard limit of 5k rows per call on the /devices API and a hard limit of 10k rows on the /events API. Use the "rows" parameter to return more records per call than the default page size, and the "start" parameter to step through subsequent pages; the per-call maximum itself cannot be exceeded. See API Pagination for more information
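The same request the Postman steps in the Resolution build, and the start/rows paging the bullet above describes, can be scripted. The following is an added example written for this article; it is not code from the KB or from Carbon Black, and it uses only the Python standard library. The host, org key and credentials are placeholders read from environment variables, the minimal JSON body shape (query, start, rows) and the response fields (num_found, results) are assumptions about the v6 Devices API, and the per-call ceiling is the 5k figure stated above. The fake_sender function is a constructed stand-in so the paging loop can be run offline.

```python
"""Query the Carbon Black Cloud Devices API without Postman.

Added example, not code from the KB article or from Carbon Black. It builds
the same X-Auth-Token header and /devices/_search request the Postman steps
describe, then pages through results with start/rows as the Additional
Information section explains. Host, org key and credentials are placeholders.
"""
import json
import os
import urllib.request

# Placeholders (assumptions): substitute your own environment and credentials.
# Credentials are read from the environment so they never live in the script.
API_HOST = os.environ.get("CBC_HOST", "https://defense-prod05.conferdeploy.net")
ORG_KEY = os.environ.get("CBC_ORG_KEY", "ORG-KEY")
API_ID = os.environ.get("CBC_API_ID", "YOUR_API_ID")
API_SECRET = os.environ.get("CBC_API_SECRET", "YOUR_API_SECRET_KEY")

# Per-call ceiling for /devices stated in this article.
DEVICES_MAX_ROWS = 5000


def auth_header(secret_key, api_id):
    """Headers from step h: X-Auth-Token is the secret key and API ID joined by '/'."""
    return {"X-Auth-Token": f"{secret_key}/{api_id}",
            "Content-Type": "application/json"}


def devices_search_url(host, org_key):
    """URL from step e, with the org key substituted."""
    return f"{host.rstrip('/')}/appservices/v6/orgs/{org_key}/devices/_search"


def search_body(query="", start=0, rows=100):
    """JSON body for the POST search endpoint (query/start/rows is an assumed
    minimal shape). rows is clamped so no request asks for more than the
    per-call maximum."""
    return {"query": query, "start": start, "rows": min(rows, DEVICES_MAX_ROWS)}


def live_sender(host=API_HOST, org_key=ORG_KEY, secret=API_SECRET, api_id=API_ID):
    """Return a send(body) callable that POSTs to the real API."""
    url, headers = devices_search_url(host, org_key), auth_header(secret, api_id)

    def send(body):
        req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                     headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    return send


def fetch_all_devices(send, query="", page_size=500):
    """Collect every matching device by paging with start/rows.

    send(body) -> dict performs one request and returns the decoded response,
    assumed to carry "num_found" and "results". It is injected so the paging
    loop can be exercised offline without credentials.
    """
    devices, start = [], 0
    while True:
        page = send(search_body(query, start=start, rows=page_size))
        results = page.get("results", [])
        devices.extend(results)
        start += len(results)
        # Stop on an empty page (defensive) or once every hit has been read.
        if not results or start >= page.get("num_found", 0):
            break
    return devices


def fake_sender(total):
    """Constructed stand-in for the API: `total` made-up devices served in pages."""
    inventory = [{"id": i, "name": f"host-{i:02d}"} for i in range(total)]

    def send(body):
        s, r = body["start"], body["rows"]
        return {"num_found": total, "results": inventory[s:s + r]}
    return send


if __name__ == "__main__":
    # Offline run against the constructed inventory: 7 devices in pages of 3.
    print([d["name"] for d in fetch_all_devices(fake_sender(7), page_size=3)])
    # Against a real tenant: fetch_all_devices(live_sender())
```

Running the script as-is walks the constructed seven-device inventory in three pages; swapping fake_sender(7) for live_sender() sends the same requests to the tenant named by CBC_HOST with the credentials from the environment. Keeping the token in a header, and the credentials out of the source file, matches the advice in step g.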