• Predictive Security Cloud (PSC) Console: All Versions
  • CB Defense
  • CB LiveOps
  • CB ThreatHunter
  • CB ThreatSight
• Machine able to run Postman

This article uses an undocumented API route which is not officially supported and may change or disappear at any time

1. Log into Console
2. Go to Settings > API Keys
3. Copy Org ID
4. Click 'Add API Key' button
5. 'Add API Key' modal/pop-up appears
6. Enter name for easy identification

   Example: Malware_Removal_Export

7. Set Access Level

   Access level: Custom
   Custom access level: View All
   
   *Warning message can be ignored:
   This permission set may contain unversioned APIs. Visit developer.carbonblack.com for all currently supported/versioned APIs.

8. Enter Description as desired
9. Click 'Save'
10. Copy API credentials displayed ({{api_id}}, {{secret_key}} below)

1. Download and install Postman
2. Download configuration JSON file and import into Postman
3. Define variables and name the Environment for use with API calls

   {{api_id}}
   {{environment}}
   {{org_id}}
   {{secret_key}
   

4. Select the Environment created
5. View Collection named 'Malware Removal Export'
6. Run the 'Malware Detected' call
7. Click 'Save Response' > 'Save to a file' and name the file (Ex: Malware_Detected.json)
8. Run the 'Malware Deleted' call
9. Click 'Save Response' > 'Save to a file' and name the file (Ex: Malware_Deleted.json)

• The '/binary/knownbad' API is served to the Console and not currently configured to work as a standalone API, which is why the Access Level is a User role from the Console
• For ease of use, there are a number of options available online to convert JSON files to CSV using Python, Java, etc.