To keep the data in sync, without manual or periodic full sync of the workload inventory, you must set up an event mechanism. The Azure Event Grid message distribution service provides such a mechanism. It delivers events for any changes related to your target Azure resources to the Carbon Black Cloud API endpoint.

Perform the procedure below for the following event subscription setup.

  • Create an Event Grid subscription at the Azure subscription level.
  • Subscribe to the Success type of events. This subscription mechanism triggers notifications in the Carbon Black Cloud console only when operations, such as create, update, and delete, are performed on a resource and complete successfully. The system does not trigger a notification (deliver events) if operations on a resource result with a failure or cancelation.

For details, see What is Azure Event Grid?


Ensure you are familiar with the Cloud Event v1.0 schema for consuming events. The Azure Event Grid supports the Cloud Event v1.0 schema for describing event data. The Cloud Event schema is a vendor-neutral specification for defining the format of event data. Carbon Black uses it as the event structure for communication between the Event Grid subscription and the Carbon Black Cloud system. For details, see CloudEvents v1.0 schema with Azure Event Grid.


  1. From the Azure portal, navigate to Home > Event Grid Subscription.
    If you do not see it under Azure services, use the search text box at the top of the page.
  2. Click + Event Subscription.
    The Create Event Subscription window displays.
  3. Enter a name for the event subscription and select the Cloud Event Schema 1.0 as the schema of events being delivered through the event subscription.
  4. Select Azure Subscriptions as the Event Grid topic type and then, select your Azure subscription.
  5. Select a resource group and enter a name for the Event Grid topic, which receives events published by the Azure services.
  6. Select the following event types from the related drop-down menu.
    • Resource Write Success
    • Resource Delete Success
    • Resource Action Success
  7. Select Web Hook as your endpoint type for handling events.
    This is the destination where the events are sent and further processed by the handler.
  8. Click the Select an endpoint link and enter the Carbon Black Cloud API endpoint.
    Note: The Event Grid message distribution service supports only HTTPS webhook endpoints.
    For example:
  9. To receive events only for changes in your virtual machines and configure the event subscription mechanism, select the Filters tab, click the Add new filter link, and enter the following values.
    1. In the Key text box, type data.resourceProvider.
    2. In the Operator drop-down menu, select String contains.
    3. In the Value text box, add the following values.
      • Microsoft.Compute
      • Microsoft.Network
  10. To authenticate the webhook API, go to the Delivery Properties tab, and set the following custom headers with fixed value.
    • x-public-cloud-account-id The Azure subscription ID.
    • x-Auth-Token The Carbon Black Cloud <API_Secret_Key>/<API_ID>.
    This is an example of defined headers, which you can include in the request sent to the destination.
    Header name Type Value
    orgKey Static 8X3TJVYW7
    x-public-cloud-account-id Static d4674f03-3004-32s7-ag40-78f12783b7c9
    x-public-cloud-provision-template-version Static 1.0
    x-public-cloud-provider Static AZURE
    The set HTTP header is included in the delivered events.
  11. To set the authentication token that the event mechanism uses to reach Carbon Black Cloud API as invisible to non-admin users, select the Is secret? check box.