Issue
The user would like to export all USB device data that have been recorded by the Carbon Black Console. The main goal is to store the data in a third party service e.g Splunk.
Environment
VMware Carbon Black Cloud.
EDR Standard
Resolution
There is no option to export data to a CSV via API or GUI. You can collect the data via API via the following methods provided by VMware Carbon Black, they suggest:
Create a blank search to pull all the Device data from the console over API aka {} it will match all and return all results.
See the following CURL example:
curl --location --request POST 'https://defense.conferdeploy.net/device_control/v3/orgs/ORG_KEY/devices/_search' \
--header 'x-auth-token: API KEY/API ID' \
--header 'Content-Type: application/json' \
--data-raw '{}'
Another option or reference will be:
Published APIs for Device Control:
https://developer.carbonblack.com/reference/carbon-black-cloud/cb-defense/latest/device-control-api/#search-usb-devices
It is also available in the CBC Python SDK:
https://carbon-black-cloud-python-sdk.readthedocs.io/en/latest/device-control/
The following document provides a full list of USB devices and update us with the results: https://developer.carbonblack.com/reference/carbon-black-cloud/cb-defense/latest/device-control-api/#usb-devices
Comments
0 comments
Please sign in to leave a comment.