Posted on June 26, 2018
Carbon Black EDR (Endpoint Detection and Response) is the new name for the product formerly called CB Response.
Our API Bindings are written in Python 2. We recommend learning the basics of python before continuing. Python is very easy to learn. Here are some resources to help get you started.
Our Quickstart guide is a great place to start for anyone. If you want to get your feet wet with out REST API, definitely check this out first. It will walkthrough the basics of what you need to work with our REST API.
We recommend taking a look at our EDR Python API (CbAPI) and the list of example scripts. Likely, there will be an existing script that already matches your use case.
Once you have found a script that can be used for your use case, check out our video on setting up your development environment. This video will guide you through installing all the necessary tools needed for the CbAPI.
Need to generate reports? Our incident reporting script is a good example of how to accomplish this use case, while also being a good example of using the EDR REST APIs.
Learn from our Integrations
At Carbon Black we firmly believe in open APIs and code sharing. We try to open source all of our integrations so others can learn and modify our code to fit their specific use case. Here is a list of our open source integrations:
To enable cross-product functionality, we have created connectors for various products and here is a list of all the Carbon Black connectors.
|Vendor||Type||CbR Cloud Support|
|Fortinet FortiSandbox||Binary Detonation|
|IBM Qradar||SIEM Integration|
|Splunk Active Response App||SIEM Integration|
|Juniper Sky ATP||Other|
If you find any bugs and/or missing features, feel free to contact us or comment in the github repositories.
Need something more advanced or requires talking to the EDR Messaging Bus? The Event Forwarder is used to forward events into a SIEM or custom framework using the EDR Messaging Bus, its source code is valuable for learning how to interface with the EDR Messaging Bus elegantly and efficiently. If you are doing something that can’t easily be mapped by one of integrations or example scripts, we’d love to hear about it. Feel free to contact us.
|CbAPI - Python||Python API|
|Endpoint Standard Syslog TLS Connector||Forward Alert Notifications|
|EDR, CB Response App for Splunk||Splunk App|
|Duo SAML Login Provider Service||2-Factor Auth|
|Event Duplicator||Duplicate EDR Events|
|Event Forwarder Connector/API||Forward Events|
Carbon Black Integration Network Partners support vendor interoperability to help customers build next-generation security infrastructures. Leveraging our Open APIs, Carbon Black has partnered with industry leaders to create integrated solutions that provide end-to-end protection against advanced threats.
As a member of the Carbon Black Connect program, partners can submit their products to Carbon Black for certification and promote interoperability across security solutions.