Threat Tracer API
Overview
Threat Tracer is a graphical data analysis and investigation tool that is designed for visualizing complex security data, thereby enabling security teams to efficiently investigate potential threats and maintain a comprehensive, collaborative investigation process. By leveraging the relationship-based view and intuitive exploration features, analysts can quickly identify attack patterns and respond effectively to emerging threats.
Threat Tracer allows visual analysis and exploration of threat data gathered by Carbon Black Cloud Enterprise EDR.
Threat Tracer allows Incident Responders (IR), Threat Hunters, and SOC Analysts to easily visualize, analyze, and contextualize complex threat and security data. With Threat Tracer, you can map out relationships between various security datapoints, track incidents, and gain a clearer understanding of potential threats across your environment.
Threat Tracer is designed for users and teams that have high demands and need powerful tools to answer complex security questions. By using Threat Tracer, security teams can make better-informed decisions to protect their organizations and react to potential threats.
Use Cases
- Visually investigate and contextually understand potential threats
- Track investigation progress
- Collaborate with team members
- Remediate threats
- Provide input for incident reports
Requirements
- Enterprise EDR product
Resources
API Calls
Threat Tracer is a UI-focused feature whose APIs are designed for graphical visualization. To enable future improvements, the team has decided not to document the APIs.
The data Threat Tracer visualizes can be retrieved from the following APIs:
If you have an integration use case that the team is not aware of, please reach out through a Support Case or on the CB Developer Community Forum.
Last modified on June 30, 2025