check-circle-line exclamation-circle-line close-line

<

Use these Trust Network data definitions to help you analyze widgets in dashboards, to create reports, and to create automations in Workspace ONE Intelligence.

We are constantly updating this content with information. If you do not see your Trust Network Partner, we plan to list more partners soon.

Carbon Black Data Definitions

Ingested Data That Is Displayed in the Intelligence Console

This listed data is ingested from Carbon Black in to Workspace ONE Intelligence and displayed in the Intelligence console.

Data Fields Definitions Carbon Black API Field Names
Carbon Black CB Defense Event ID Represents a unique identifier for an event, as reported by Carbon Black. threatinfo_threatcause_causeeventid
Carbon Black Device Email Lists the email address used to register a device in the Carbon Black Defense console. deviceinfo_email
Carbon Black Device ID Unique device identifier in the Carbon Black database. deviceinfo_deviceid
Carbon Black Device Name The device name as shown in the Carbon Black console. deviceinfo_devicename
Carbon Black Event Description The description of a threat event as reported by Carbon Black. eventdescription
Carbon Black External IP Address Lists the external IP address of a device, as reported by Carbon Black. deviceinfo_externalipaddress
Carbon Black Group Name Lists the name of a device group in Carbon Black Defense console. deviceinfo_groupname
Carbon Black Incident ID Unique identification for each incident generated by Carbon Black. threatinfo_incidentid
Carbon Black Internal IP Address Lists the internal IP address of a device, as reported by Carbon Black. deviceinfo_internalipaddress
Carbon Black Main Process Hash (SHA256) Lists the hash/signature of the process causing a threat event, as reported by Carbon Black. threatinfo_threatcause_actor
Carbon Black Main Process Reputation The reputation of the process, as reported by Carbon Black. threatinfo_threatcause_reputation
Carbon Black Origin Source The source of the threat, as reported by Carbon Black. threatinfo_threatcause_originsourcetype
Carbon Black Rule Name Lists the unique name used to identify a rule in the Carbon Black defense console. rulename
Carbon Black Severity Score A numbered score used by Carbon Black as a way to represent the severity of a threat event. threatinfo_score
Carbon Black Threat Name Lists the name used to identify a threat, as reported by Carbon Black. threatinfo_threatcause_actorname
Carbon Black Threat Reason The reason of the threat, as reported by Carbon Black. threatinfo_threatcause_reason
Carbon Black Threat Summary The summary of a threat event as reported by Carbon Black. threatinfo_summary
Link to CB Defense Alert Provides a link to the threat details within Carbon Black Defense console. url

Ingested Data That Is Not Displayed in the Intelligence Console

This listed data is ingested from Carbon Black in to Workspace ONE Intelligence but it is not displayed in the Intelligence console.

Carbon Black API Field Names Definitions
deviceinfo_devicetype Lists the manufacturer or type of device as reported by Carbon Black.
deviceinfo_deviceversion Lists the OS version of a device as reported by Carbon Black.
deviceinfo_targetprioritycode Lists the numerical priority of the device (defined when installing the sensor on the device), as reported by Carbon Black.
deviceinfo_targetprioritytype Lists the priority of the device (defined as Low, Medium, or High when installing the sensor on the device), as reported by Carbon Black.
deviceinfo_uemid Lists a device unique identifier which Carbon Black reports with every threat event and is required for device correlation in Workspace ONE Intelligence.
eventtime Time at which a threat event occurred, as reported by Carbon Black .
threatinfo_indicators Lists the threat indicators, as reported by Carbon Black.
threatinfo_threatcause_actorprocessppid The Process ID of the offending process, as reported by Carbon Black.
threatinfo_threatcause_threatcategory The category of the threat, as reported by Carbon Black.
threatinfo_time Indicates the time at which Carbon Black generated threat information.
type Lists the type of threat, as reported by Carbon Black.