Enterprise EDR APIs and Integrations

Carbon Black Cloud Enterprise EDR (Endpoint Detection and Response) is the new name for the product formerly called CB ThreatHunter.


Enterprise EDR is an advanced threat hunting and incident response solution delivering unfiltered visibility for top security operations centers (SOCs) and incident response (IR) teams. Enterprise EDR is delivered through the Carbon Black Cloud, a next-generation endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset.

Getting Started

Partners and customers can now perform any action available in the Enterprise EDR console programmatically via APIs.

This unlocks a broad set of capabilities that can be automated using our APIs.

Example Use Cases:

  • Export Events
  • Export Processes
  • Query and filter processes
  • Query and filter events
  • Feed Operations
  • Watchlist Operations

All Documents

Version Agnostic

Document | Release Date
Enterprise EDR Integrations | February, 2020


Document | Release Date
All Platform APIs | Various
Feed Manager v2 | April, 2019
Feed Search v1 | April, 2019
Processes Search v1 v2 | October, 2020
Unified Binary Store v1 | April, 2019
Watchlist v3 | April, 2019
Search Fields - Processes and Enriched Events v2 | October, 2020
Notification Schema v3 | December, 2018


Document | Deprecated Date | Deactivated Date
Feed Manager v1 | April, 2019 | November, 2019
Process Search v0 | April, 2019 | November, 2019
Event Search Fields v1 | April, 2019 | November, 2019
Watchlist API v1 | April, 2019 | November, 2019
Process Search Fields v1 | April, 2019 | November, 2019

Last modified on June 27, 2022