Use these Trust Network data definitions to help you analyze widgets in dashboards, to create reports, and to create automations in Workspace ONE Intelligence.
We update this content regularly. If you do not see your Trust Network partner, we plan to list more partners soon.
The following data is ingested from Carbon Black into Workspace ONE Intelligence and displayed in the Intelligence console.
Data Fields | Definitions | Carbon Black API Field Names |
---|---|---|
Carbon Black CB Defense Event ID | Represents a unique identifier for an event, as reported by Carbon Black. | threatinfo_threatcause_causeeventid |
Carbon Black Device Email | Lists the email address used to register a device in the Carbon Black Defense console. | deviceinfo_email |
Carbon Black Device ID | Unique device identifier in the Carbon Black database. | deviceinfo_deviceid |
Carbon Black Device Name | The device name as shown in the Carbon Black console. | deviceinfo_devicename |
Carbon Black Event Description | The description of a threat event as reported by Carbon Black. | eventdescription |
Carbon Black External IP Address | Lists the external IP address of a device, as reported by Carbon Black. | deviceinfo_externalipaddress |
Carbon Black Group Name | Lists the name of a device group in the Carbon Black Defense console. | deviceinfo_groupname |
Carbon Black Incident ID | Unique identification for each incident generated by Carbon Black. | threatinfo_incidentid |
Carbon Black Internal IP Address | Lists the internal IP address of a device, as reported by Carbon Black. | deviceinfo_internalipaddress |
Carbon Black Main Process Hash (SHA256) | Lists the hash/signature of the process causing a threat event, as reported by Carbon Black. | threatinfo_threatcause_actor |
Carbon Black Main Process Reputation | The reputation of the process, as reported by Carbon Black. | threatinfo_threatcause_reputation |
Carbon Black Origin Source | The source of the threat, as reported by Carbon Black. | threatinfo_threatcause_originsourcetype |
Carbon Black Rule Name | Lists the unique name used to identify a rule in the Carbon Black Defense console. | rulename |
Carbon Black Severity Score | A numeric score that Carbon Black uses to represent the severity of a threat event. | threatinfo_score |
Carbon Black Threat Name | Lists the name used to identify a threat, as reported by Carbon Black. | threatinfo_threatcause_actorname |
Carbon Black Threat Reason | The reason for the threat, as reported by Carbon Black. | threatinfo_threatcause_reason |
Carbon Black Threat Summary | The summary of a threat event as reported by Carbon Black. | threatinfo_summary |
Link to CB Defense Alert | Provides a link to the threat details within the Carbon Black Defense console. | url |

The following data is ingested from Carbon Black into Workspace ONE Intelligence, but it is not displayed in the Intelligence console.

Carbon Black API Field Names | Definitions |
---|---|
deviceinfo_devicetype | Lists the manufacturer or type of device, as reported by Carbon Black. |
deviceinfo_deviceversion | Lists the OS version of a device, as reported by Carbon Black. |
deviceinfo_targetprioritycode | Lists the numerical priority of the device (defined when installing the sensor on the device), as reported by Carbon Black. |
deviceinfo_targetprioritytype | Lists the priority of the device (defined as Low, Medium, or High when installing the sensor on the device), as reported by Carbon Black. |
deviceinfo_uemid | Lists a unique device identifier that Carbon Black reports with every threat event and that is required for device correlation in Workspace ONE Intelligence. |
eventtime | Time at which a threat event occurred, as reported by Carbon Black. |
threatinfo_indicators | Lists the threat indicators, as reported by Carbon Black. |
threatinfo_threatcause_actorprocessppid | The Process ID of the offending process, as reported by Carbon Black. |
threatinfo_threatcause_threatcategory | The category of the threat, as reported by Carbon Black. |
threatinfo_time | Indicates the time at which Carbon Black generated threat information. |
type | Lists the type of threat, as reported by Carbon Black. |