We’re Stronger Together
VMware Carbon Black has a long history of working with the open source community, including code contributions, open APIs, and reference modules for our products. Here you’ll find more information about our open source tools and how to collaborate with VMware Carbon Black on open source projects.
Security Research & Analytics
The VMware Carbon Black Cloud processes billions of events per day, analyzing attacks from all around the world. The following open source tools help security researchers, analysts, and big data engineers research threats and process petabytes of information. Use the links below to learn more about each tool including open source terms and licensing information.
Binee: Binary Emulation Environment for Malware Analysis
We’ve designed Binee to bridge the barrier between static and dynamic analysis of real-world malware. This innovative emulator helps researchers extract run-time data from binaries at a cost, speed, and scale previously only possible with static analysis tools.
EQR: Event Query Router for High-Volume Analytics
EQR is an open-source data analytics tool that gives data scientists in any industry the ability to execute large-scale queries on real-time data streams without writing code or batching transactions.
Five ways to collaborate with VMware Carbon Black
- Expand the emulation capabilities in Binee
- Add a data stream processor to EQR
- Create an integration module for the VMware Carbon Black Cloud
- Participate in a discussion on the User Exchange
- Join us for Developer Day at the next Connect event
Product Integrations
Our products are designed to be open and accessible so you can integrate them into your security stack. Here are some of our more popular publicly available product integrations.
Splunk Integration
Our integrations with Splunk, including add-ons for Endpoint Standard and EDR, and the Phantom playbooks, allow administrators to forward events and notifications from Carbon Black’s solutions to Splunk for correlation and analysis and execute orchestration playbooks in Phantom.
ThreatConnect Integration
The ThreatConnect connector for CB Response is a simple python-daemon that communicates with ThreatConnect’s API to retrieve Indicators of Compromise and format them as a Threat Intel Feed for CB Response. A similar connector to CB ThreatHunter will be available shortly.
VMray
Our integration with VMRay allows you to send binaries discovered in CB Response to VMRay for malware analysis.
Connectors and Forwarders
We maintain a number of generic connectors and forwarders, including Yara Connector, Event Forwarder, and CB API for Python, to make integration with other platforms easy.
Ready to Get Started?
See how VMware Carbon Black can help simplify and fortify your security stack today and tomorrow.