Cloud Platform APIs and Integrations


We have extended the capabilities of the Devices API by improving the methods of retrieving device information, and adding functionality to perform actions. We have also extended the capabilities of the Alerts API by improving the methods of retrieving alerts, and adding functionality to manage the workflow by updating the alert status.

Getting Started

Platform APIs are available to all Carbon Black Cloud customers. These platform level APIs are augmented by product specific APIs. Below is a list of APIs available.


Carbon Black Cloud APIs and Services are authenticated via API Keys. This means that in order to access the data in Carbon Black Cloud via API, you must set up Access Levels and API Keys in the Carbon Black Cloud Console. For more information see Authentication


See our latest guides for additional context beyond what the API documentation defines.

Postman Collection

Import the Carbon Black Cloud collection to make API calls using Postman.

All Documents


Document Release Date
Access Profiles and Grants API v2 May, 2021
Alerts API v6 September, 2019
Devices API v6 February, 2020
Data Forwarder API v2 November, 2021
Data Forwarder Fields v1 November, 2021
Job Service API v1 May, 2020
Live Response API v6 April, 2021
Network Threat Metadata API v1 March, 2023
Observations API v2 March, 2023
Policy Service API v1 April, 2022
Processes Search API v1 v2 October, 2020
Reputation Overrides API v6 June, 2021
Sensor Update Services API v2 August, 2020
Search Fields - Investigate v2
Processes, Observations, Auth Events and Enriched Event Searches
March 2023
User Management API v6 May, 2021
Vulnerability Assessment v1 August, 2021

Note: Enriched Events Search API has moved under Endpoint Standard as this API is only available for customers with Endpoint Standard enabled. See Endpoint Standard.


Document Deprecated Date Deactivated Date
Devices v3 API (Previously Endpoint Standard) September, 2019
Live Response API April, 2021
Data Forwarder API v1 November, 2021


Document Deprecated Date Deactivated Date
Alerts v3 API (Previously Endpoint Standard September, 2019 January 31st, 2022


See our latest integrations that utilize the APIs to enhance customer workflows.

Name Description Version Release Date Supported Products
CBC Python SDK Provides an easy interface to connect with Carbon Black Cloud products. Use this SDK to more easily query and manage your endpoints, manipulate data as Python objects, and harness the full power of Carbon Black Cloud APIs. 1.4.2 2023-03-22 Platform
Enterprise EDR
Endpoint Standard
Audit and Remediation
Data Forwarder Built in to the Carbon Black Cloud platform; Delivers Alert, Event and Watchlist Hit data to an AWS S3 bucket, ready for consumption by third-party solutions. N/A 2020 Platform
Enterprise EDR
Endpoint Standard
Splunk App Lets administrators bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard. 1.1.8 2023-01-12 Platform
Enterprise EDR
Endpoint Standard
Audit and Remediation
Syslog Connector Lets administrators forward alert notifications and audit logs from their Carbon Black Cloud instance to local, on-premise systems. 1.3.1 2021-01-15 Platform
Enterprise EDR
Endpoint Standard
Zscaler Sandbox Connector Scans files from Carbon Black Cloud Endpoint Standard or Enterprise EDR that come through the network before they reach the endpoint. 1.1 2021-12-06 Enterprise EDR
Endpoint Standard
Last modified on March 15, 2023