MDR Ecosystem: API and Integrations

You can integrate Carbon Black MDR communications into your automated workflows and third-party applications.

Alerts v7 API

The Alerts v7 API includes the following information:

Whether the alert is MDR-eligible (mdr_alert, alert_origin)
MDR workflow state (mdr_workflow.status)
MDR determination (mdr_determination.value)

The Get Alert History API contains the alert history, including MDR analyst comments.

Data Forwarder

The Alert Forwarder v2 schema includes the same key MDR information as the Alerts v7 API schema.

If the MDR analyst changes the MDR alert determination, the alert is re-forwarded.

Splunk Integration

The Carbon Black Cloud Splunk app’s Alert Details dashboard has a build-in Alert History section where you can view the MDR determination and MDR analyst comments. See Splunk SIEM and Get Alert History using Splunk SIEM.

Example of MDR alert history shown in Splunk