Processes Search API

The GET Process Search Validation endpoint has been deprecated and replaced by a POST endpoint. Please use the POST Process Search Validation v2 instead.

This endpoint will be deactivated on September 5, 2024.

The Search Suggestions v1 endpoint has been deprecated and replaced by the v2 endpoint. Please use the Process Search Suggestion v2 instead.

This endpoint will be deactivated on September 5, 2024.

Calls for Processes

The following calls search on and return processes.

Process Search Suggestions (v1)

Returns suggestions for a process search selected from fields and values as reported in the organization’s system. Will return values for the specified field if at least one character follows the colon. Returns null if no characters follow the colon.

API Permissions Required

| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | org.search.events | READ | Majority of environments |
| VMware Cloud Services Platform | _API.Search:org.Events:read | N/A - included in permission name | Prod UK and AWS GovCloud (US) |

Request

GET {cbc-hostname}/api/investigate/v1/orgs/{org_key}/processes/search_suggestions

Query Schema

| Field | Definition | Data Type | Values |
|---|---|---|---|
| suggest.q | REQUIRED Query to generate suggestions for | String | N/A |
| suggest.count | Number of suggestions to return | Integer | Default: 50 |

Response

| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully suggested process search fields | application/json | View example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

GET https://defense-eap01.conferdeploy.net/api/investigate/v1/orgs/ABCD1234/processes/search_suggestions?suggest.q=process_cmd&suggest.count=1

Response

{
    "suggestions": [
        {
            "term": "process_name",
            "weight": 2800,
            "required_skus_all": [],
            "required_skus_some": [
                "threathunter",
                "defense"
            ]
        }
    ]
}

Process Search Validation (v1)

Validates a given process query and potentially gives suggestions on how to fix invalid queries.

API Permissions Required

| Identity Manager | Permission (.notation name) | Operation(s) | Environment |
|---|---|---|---|
| Carbon Black Cloud | org.search.events | READ | Majority of environments |
| VMware Cloud Services Platform | _API.Search:org.Events:read | N/A - included in permission name | Prod UK and AWS GovCloud (US) |

Request

GET {cbc-hostname}/api/investigate/v1/orgs/{org_key}/processes/search_validation

Query Schema

| Field | Definition | Data Type | Values |
|---|---|---|---|
| q | REQUIRED Keeping this parameter as *:* allows you to query everything | String | N/A |
| cb.min_backend_timestamp | Start time for the query | Integer | Epoch timestamp in milliseconds. Default: 0 |
| cb.max_backend_timestamp | End time for the query | Integer | Epoch timestamp in milliseconds |

Response

| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Successfully validated process search | application/json | View example response below |
| 400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | N/A |
| 403 | Forbidden | N/A | N/A |
| 500 | Internal Server Error | N/A | N/A |

Example

Request

GET https://defense-eap01.conferdeploy.net/api/investigate/v1/orgs/ABCD1234/processes/search_validation?q=process

Response

{
    "valid": true,
    "value_search_query": true
}
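
The following is an added example, not code from Carbon Black or from this page: it builds a Process Search Validation (v1) request URL from the query schema above, converting time bounds to epoch milliseconds and percent-encoding the search text, then interprets the documented status codes and the "valid" field. The function names and the sample query are assumptions made for illustration; sending the request and authentication are left out because this page does not cover them.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Non-200 codes and their meaning, taken from the Response table on this page.
STATUS_MEANING = {400: "malformed or invalid value", 403: "forbidden",
                  500: "internal server error"}

def to_epoch_ms(moment):
    """Convert a timezone-aware datetime to integer epoch milliseconds."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    return (moment - EPOCH) // timedelta(milliseconds=1)

def build_validation_url(hostname, org_key, query, start=None, end=None):
    """Return the v1 search_validation URL with all values percent-encoded."""
    if not query:
        raise ValueError("q is required")
    params = {"q": query}
    if start is not None:
        params["cb.min_backend_timestamp"] = to_epoch_ms(start)
    if end is not None:
        params["cb.max_backend_timestamp"] = to_epoch_ms(end)
    if start is not None and end is not None and start > end:
        raise ValueError("start time is after end time")
    path = ("/api/investigate/v1/orgs/" + quote(org_key, safe="")
            + "/processes/search_validation")
    # urlencode escapes ':', '&', '=', quotes and spaces inside the query, so
    # analyst-supplied search text cannot add or override URL parameters.
    return "https://" + hostname + path + "?" + urlencode(params)

def interpret_validation(status, body):
    """Map a status code and raw body to (is_valid, detail)."""
    if status != 200:
        return False, STATUS_MEANING.get(status, "unexpected status %d" % status)
    doc = json.loads(body)
    return doc.get("valid") is True, doc

if __name__ == "__main__":
    # Constructed sample input: hostname and org key are the page's example values.
    url = build_validation_url("defense-eap01.conferdeploy.net", "ABCD1234",
                               'process_name:"a&b=c.exe"',
                               start=datetime(2023, 4, 11, tzinfo=timezone.utc))
    print(url)
    print(interpret_validation(200, '{"valid": true, "value_search_query": true}'))
```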


Last modified on April 11, 2023