We’re Stronger Together

VMware Carbon Black has a long history of working with the open source community, including code contributions, open APIs, and reference modules for our products. Here you’ll find more information about our open source tools and how to collaborate with VMware Carbon Black on open source projects.

Security Research & Analytics

The VMware Carbon Black Cloud processes billions of events per day, analyzing attacks from all around the world. The following open source tools help security researchers, analysts, and big data engineers research threats and process petabytes of information. Use the links below to learn more about each tool including open source terms and licensing information.

Binee: Binary Emulation Environment for Malware Analysis

We’ve designed Binee to bridge the barrier between static and dynamic analysis of real-world malware. This innovative emulator helps researchers extract run-time data from binaries at a cost, speed, and scale previously only possible with static analysis tools.

EQR: Event Query Router for High-Volume Analytics

EQR is an open-source data analytics tool that gives data scientists in any industry the ability to execute large-scale queries on real-time data streams without writing code or batching transactions.

Five ways to collaborate with VMware Carbon Black


  1. Expand the emulation capabilities in Binee
  2. Add a data stream processor to EQR
  3. Create an integration module for the VMware Carbon Black Cloud
  4. Participate in a discussion on the User Exchange
  5. Join us for Developer Day at the next Connect event

Product Integrations

Our products are designed to be open and accessible so you can integrate them into your security stack. Here are some of our more popular publicly available product integrations.


Splunk Integration

Our integrations with Splunk, including add-ons for Endpoint Standard and EDR, and the Phantom playbooks, allow administrators to forward events and notifications from Carbon Black’s solutions to Splunk for correlation and analysis and execute orchestration playbooks in Phantom.





ThreatConnect Integration

The ThreatConnect connector for CB Response is a simple python-daemon that communicates with ThreatConnect’s API to retrieve Indicators of Compromise and format them as a Threat Intel Feed for CB Response. A similar connector to CB ThreatHunter will be available shortly.






Our integration with VMRay allows you to send binaries discovered in CB Response to VMRay for malware analysis.




Connectors and Forwarders

We maintain a number of generic connectors and forwarders, including Yara Connector, Event Forwarder, and CB API for Python, to make integration with other platforms easy.


Ready to Get Started?

See how VMware Carbon Black can help simplify and fortify your security stack today and tomorrow.