Carbon Black Cloud (CBC)-Enterprise EDR API (EDR)-Auth Events-Events Search

Number of APIs: 5

  1. Get Auth Events Search Suggestions GET {{cb_url}}/api/investigate/v2/orgs/{org_key}/auth_events/search_suggestions?suggest.q=auth

  2. Start Auth Events Search Job POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs

  3. Get Auth Events Search Job Results GET {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs/{{cb_job_id}}/results

  4. Get Auth Events Search Validation GET {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_validation?q="(auth_username:Administrator)AND(device_name:test)"

  5. Get Auth Events Search Group Results POST {{cb_url}}/api/investigate/v2/orgs/{{cb_org_key}}/auth_events/search_jobs/{{cb_job_id}}/group_results