EDR Guides

Posted on June 26, 2018

Carbon Black EDR (Endpoint Detection and Response) is the new name for the product formerly called CB Response.

Just Starting Out

Our API Bindings are written in Python 2. We recommend learning the basics of Python before continuing. Python is very easy to learn. Here are some resources to help get you started.

I know basic Python, now what? Learn by example

  1. EDR REST API QuickStart

    Our Quickstart guide is a great place to start for anyone. If you want to get your feet wet with our REST API, definitely check this out first. It will walk through the basics of what you need to work with our REST API.

  2. EDR Python API Examples

    We recommend taking a look at our EDR Python API (CbAPI) and the list of example scripts. Likely, there will be an existing script that already matches your use case.

  3. Development Environment Setup

    Once you have found a script that fits your use case, check out our video on setting up your development environment. This video will guide you through installing all the tools needed for the CbAPI.

  4. Report Generation Example

    Need to generate reports? Our incident reporting script is a good example of how to accomplish this use case, while also being a good example of using the EDR REST APIs.

  5. Learn from our Integrations

    At Carbon Black we firmly believe in open APIs and code sharing. We try to open source all of our integrations so others can learn and modify our code to fit their specific use case. Here is a list of our open source integrations:


To enable cross-product functionality, we have created connectors for various products. Here is a list of all the Carbon Black connectors.

| Vendor | Type | CbR Cloud Support |
| --- | --- | --- |
| Checkpoint | Binary Detonation | |
| Cyphort | Binary Detonation | |
| Fortinet FortiSandbox | Binary Detonation | |
| LastLine | Binary Detonation | |
| VirusTotal | Binary Detonation | |
| VMRay | Binary Detonation | |
| WildFire | Binary Detonation | |
| Yara | Binary Detonation | |
| STIX/TAXII | Threat Intelligence | |
| ThreatConnect | Threat Intelligence | |
| ThreatExchange | Threat Intelligence | |
| IBM QRadar | SIEM Integration | |
| Splunk Active Response App | SIEM Integration | |
| Fidelis | Orchestration | |
| InfoBlox | Orchestration | |
| IBM BigFix | Other | |
| Juniper Sky ATP | Other | |

If you find any bugs or missing features, feel free to contact us or comment in the GitHub repositories.

Advanced Use Cases

Need something more advanced, or something that requires talking to the EDR Messaging Bus? The Event Forwarder is used to forward events into a SIEM or custom framework using the EDR Messaging Bus. Its source code is valuable for learning how to interface with the EDR Messaging Bus elegantly and efficiently. If you are doing something that can’t easily be mapped to one of our integrations or example scripts, we’d love to hear about it. Feel free to contact us.

Integration Description
CbAPI - Python Python API
Endpoint Standard Syslog TLS Connector Forward Alert Notifications
EDR, CB Response App for Splunk Splunk App
Duo SAML Login Provider Service 2-Factor Auth
Event Duplicator Duplicate EDR Events
Event Forwarder Connector/API Forward Events

Carbon Black Integration Network

Carbon Black Integration Network Partners support vendor interoperability to help customers build next-generation security infrastructures. Leveraging our Open APIs, Carbon Black has partnered with industry leaders to create integrated solutions that provide end-to-end protection against advanced threats.

As a member of the Carbon Black Connect program, partners can submit their products to Carbon Black for certification and promote interoperability across security solutions.