Carbon Black Cloud Data Forwarder


The VMware Carbon Black Cloud platform provides SOC teams with visibility into a high volume of endpoint event context, which is critical for detection and incident response use cases. The Data Forwarder delivers that valuable endpoint event data to an AWS S3 bucket, ready for consumption by third-party solutions, such as XDR platforms, SIEMs, and Data Lake tools.


  • Carbon Black Cloud Endpoint Standard or Enterprise EDR
  • Configured S3 bucket in the same region as the tenant organization from which you’ll forward data.

Quick Links

Use Cases

Check out top use cases for the Forwarder and useful queries for filtering your data.

Support and Resources

  • Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
  • Report bugs and change requests to Carbon Black Support.
  • View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.

Give Feedback

Use this form to give us feedback about this site or any of the documentation.

Last modified on November 28, 2022