Audit and Remediation APIs and Integrations

Carbon Black Cloud Audit and Remediation is the new name for the product formerly called CB LiveOps.


Audit and Remediation is a real-time query and remediation solution that gives teams faster, easier access to audit and change the system state of endpoints across their organization.

By providing administrators with real-time query capabilities from a cloud-native endpoint protection platform, Audit and Remediation enables teams to make quick, confident decisions to improve their security posture. Audit and Remediation closes the gap between security and operations, allowing administrators to perform full investigations and take action to remotely remediate endpoints all from a single solution.

Audit and Remediation is built on the Carbon Black Cloud, the only cloud-native endpoint protection platform (EPP) that combines on-demand query functionality with advanced prevention, detection, and response.

Getting Started

Partners and customers can now perform any action available in the Audit and Remediation console programmatically via APIs.

This means users will now be able to integrate results from Audit and Remediation with the rest of their security stack to improve workflows and enable faster, more confident responses across all workloads in their environment.

For example, with the Audit and Remediation APIs, users can schedule queries to run on regular intervals and then use the results to automatically take action on devices

Postman Collection

Use the Postman Collection in the Carbon Black Workspace to make API calls using Postman.

All Documents


Document Release Date
Differential Analysis API v1 July, 2022
Live Query API v1 January, 2020


See our latest integrations that utilize the APIs to enhance customer workflows.

Name Description Version Release Date Supported Products
CBC Python SDK Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. 1.5.5 2024-07-11 Platform
Enterprise EDR
Endpoint Standard
Audit and Remediation
Splunk SIEM App Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. 2.2.x 2023-08-17 Platform
Enterprise EDR
Endpoint Standard
Audit and Remediation

Last modified on February 27, 2023