Carbon Black Cloud

As of January 2020, we have renamed all Carbon Black products.


The Carbon Black Cloud is a cloud-native endpoint protection platform (EPP) that provides what you need to secure your endpoints using a single, lightweight agent and an easy-to-use console.

Platform APIs are available to all Carbon Black Cloud customers:

Data Forwarder

The Data Forwarder is a streaming integration mechanism which pushes data to external storage such as an AWS S3 Bucket for subsequent ingestion to a SIEM, security lake or other custom application.

The data available includes

  • Alerts - updated in July 2023 to include Intrusion Detection System Alerts and Schema v2.0.0 with much richer metadata
  • Endpoint Events
  • Watchlist Hits
  • Authentication Events - new in January 2024

For all the detail:


Endpoint Standard — NGAV + EDR

Endpoint Standard combines the capabilities of next-generation antivirus (NGAV) + behavioral EDR to provide prevention and automated detection to defend against today’s advanced cyber attacks. Endpoint Standard is also available for Endpoint Advanced and Endpoint Enterprise customers.

Audit and Remediation

Audit and Remediation is a security operations solution that provides system audit and remote response capabilities for endpoints and workloads from a cloud-native endpoint protection platform (EPP). Audit and Remediation is also available for Endpoint Advanced and Endpoint Enterprise customers.

Enterprise EDR

Enterprise Endpoint Detection and Response, or Enterprise EDR, is a cloud-based threat hunting and incident response (IR) solution that delivers continuous visibility for top security operations centers (SOC) and IR teams. Enterprise EDR is also available for Endpoint Enterprise customers.


Workload helps you reduce the attack surface and protect critical assets with advanced security purpose-built for workloads. Increase visibility across your environment and simplify operations for IT and security.


VMware Carbon Black Container is a comprehensive security solution for both on-premise and cloud-native workloads by offering visibility, hardening, vulnerability management, and runtime protection capabilities.

API Concepts


Carbon Black Cloud APIs are authenticated using API Keys.

Role Based Access Control (RBAC)

Carbon Black Cloud APIs support Role-Based Access Control. To learn about how to leverage RBAC using APIs, view our guide here.

Rate Limiting

Carbon Black Cloud services that enforce rate limits and the expected behavior when they are exceeded.

Last modified on February 22, 2021