Enterprise EDR APIs and Integrations
Carbon Black Cloud Enterprise EDR (Endpoint Detection and Response) is the new name for the product formerly called CB ThreatHunter.
Introduction
Enterprise EDR is an advanced threat hunting and incident response solution delivering unfiltered visibility for top security operations centers (SOCs) and incident response (IR) teams. Enterprise EDR is delivered through the Carbon Black Cloud, a next-generation endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset.
Getting Started
Partners and customers can now perform any action available in the Enterprise EDR console programmatically via APIs.
This unlocks a broad set of capabilities that can be automated using our APIs.
Example Use Cases:
- Export Events
- Export Processes
- Query and filter processes
- Query and filter events
- Feed Operations
- Watchlist Operations
Postman Collection
Use the Postman Collection in the Carbon Black Workspace to make API calls using Postman.
All Documents
Latest
| Document | Version | Release Date |
|---|---|---|
| All Platform APIs | Various | |
| Auth Events API | March, 2023 | |
| Feed Manager API | v2 | April, 2019 |
| Feed Search API | v1 | April, 2019 |
| Processes Search API | v1 v2 | October, 2020 |
| Threat Hunt API | v1 | October, 2023 |
| Unified Binary Store API | v1 | April, 2019 |
| Watchlist API | v3 | April, 2019 |
| Search Fields - Processes and Enriched Events | v2 | October, 2020 |
| Notification Schema | v3 | December, 2018 |
Deprecated
| Document | Version | Deprecated Date | Deactivated Date |
|---|---|---|---|
| Feed Manager | v1 | April, 2019 | November, 2019 |
| Process Search | v0 | April, 2019 | November, 2019 |
| Event Search Fields | v1 | April, 2019 | November, 2019 |
| Watchlist API | v1 | April, 2019 | November, 2019 |
| Process Search Fields | v1 | April, 2019 | November, 2019 |
Integrations
See our latest integrations that utilize the APIs to enhance customer workflows.
| Name | Description | Version | Release Date | Supported Products |
|---|---|---|---|---|
| Binary Toolkit | Lets you integrate between Carbon Black Cloud Enterprise EDR and a binary analysis engine, like YARA. | 1.1.0 | 2020-11-20 | Enterprise EDR |
| CBC Python SDK | Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. | 1.5.6 | 2024-07-26 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
| Data Forwarder | Built in to the Carbon Black Cloud platform; Delivers Alert, Event and Watchlist Hit data to an AWS S3 bucket, ready for consumption by third-party solutions. | N/A | 2020 | Platform Workload Enterprise EDR Endpoint Standard |
| QRadar App | Configures a connection in QRadar to ingest alerts, audit logs, and events from Carbon Black Cloud using the Data Forwarder and APIs into IBM QRadar. Actions such as quarantining devices and adding IOCs to watchlists can be initiated in QRadar to take effect in Carbon Black Cloud. | 2.3.0 | 2024-06-05 | Platform Workload Enterprise EDR Endpoint Standard |
| Service Now: ITSM App SecOps App Vulnerability Response (VR) App |
Ingest Alerts and Vulnerabilities from Carbon Black Cloud to Service Now and automatically create Service Now incidents to track the resolution. A large set of actions such as quarantining devices are available to be initiated in ServiceNow and take effect in Carbon Black Cloud. | ITSM App: 3.0.0 SecOps App: 3.0.0 VR: 2.0.0 |
2024-03 | Platform Workload Enterprise EDR Endpoint Standard |
| Splunk SIEM App | Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. | 2.2.x | 2023-08-17 | Platform Workload Enterprise EDR Endpoint Standard Audit and Remediation |
| Syslog Connector | Lets administrators forward alerts and audit logs from their Carbon Black Cloud instance to local, on-premise systems. | 2.0.3 | 2024-03-25 | Platform Enterprise EDR Endpoint Standard |
| Threat Intelligence Connector | A python connector for ingesting and processing STIX Content from various third party sources, such as TAXII servers or directly from XML or JSON files. | 1.10 | 2024-07-25 | Enterprise EDR |
| DEPRECATED Zscaler Sandbox Connector |
This integration is deprecated and no longer maintained. Scans files from Carbon Black Cloud Endpoint Standard or Enterprise EDR that come through the network before they reach the endpoint. |
1.1 | 2021-12-06 | Enterprise EDR Endpoint Standard |
Last modified on June 13, 2023