How to use the cbapi.example_helpers.get_cb_psc_object function in cbapi

To help you get started, we’ve selected a few cbapi examples, based on popular ways it is used in public projects.


github carbonblack / cbapi-python / examples / psc / download_device_list.py View on Github external
def main():
    """Build a device query from the command line options.

    Every filter is optional and is applied only when its option was given.
    The excerpt stops once the query has been built; the code that runs the
    query and writes the output selected by ``--output`` is not shown here.
    """
    parser = build_cli_parser("Download device list in CSV format")
    # (flags, keyword arguments) for each option, registered in this order.
    option_table = (
        (("-q", "--query"), {"help": "Query string for looking for devices"}),
        (("-A", "--ad_group_id"), {"action": "append", "type": int, "help": "Active Directory Group ID"}),
        (("-p", "--policy_id"), {"action": "append", "type": int, "help": "Policy ID"}),
        (("-s", "--status"), {"action": "append", "help": "Status of device"}),
        (("-P", "--priority"), {"action": "append", "help": "Target priority of device"}),
        (("-S", "--sort_by"), {"help": "Field to sort the output by"}),
        (("-R", "--reverse"), {"action": "store_true", "help": "Reverse order of sort"}),
        (("-O", "--output"), {"help": "File to save output to (default stdout)"}),
    )
    for flags, settings in option_table:
        parser.add_argument(*flags, **settings)

    args = parser.parse_args()
    # The API client is built from the parsed options.
    # NOTE(review): connection and credential handling presumably live in
    # build_cli_parser / get_cb_psc_object, which are not shown - confirm.
    cb = get_cb_psc_object(args)

    query = cb.select(Device)
    if args.query:
        # The query string is handed to where() exactly as typed.
        query = query.where(args.query)
    if args.ad_group_id:
        query = query.set_ad_group_ids(args.ad_group_id)
    if args.policy_id:
        query = query.set_policy_ids(args.policy_id)
    if args.status:
        query = query.set_status(args.status)
    if args.priority:
        query = query.set_target_priorities(args.priority)
    if args.sort_by:
        # --reverse only has an effect together with --sort_by.
        query = query.sort_by(args.sort_by, "DESC" if args.reverse else "ASC")
github carbonblack / cbapi-python / examples / psc / bulk_update_watchlist_alerts.py View on Github external
def main():
    """Dismiss or undismiss the watchlist alerts selected on the command line.

    The change is submitted as one bulk request for everything the criteria
    options select, then the request's WorkflowStatus is polled. The excerpt
    ends inside the polling step; whatever reports the outcome is not shown.
    """
    parser = build_cli_parser("Bulk update the status of watchlist alerts")
    setup_parser_with_watchlist_criteria(parser)
    for flags, text in (
        (("-R", "--remediation"), "Remediation message to store for the selected alerts"),
        (("-C", "--comment"), "Comment message to store for the selected alerts"),
    ):
        parser.add_argument(*flags, help=text)
    # Exactly one of the two operations has to be chosen.
    operation = parser.add_mutually_exclusive_group(required=True)
    for flag, text in (
        ("--dismiss", "Dismiss all selected alerts"),
        ("--undismiss", "Undismiss all selected alerts"),
    ):
        operation.add_argument(flag, action="store_true", help=text)

    args = parser.parse_args()
    cb = get_cb_psc_object(args)

    query = cb.select(WatchlistAlert)
    # The return value is ignored, so the helper presumably narrows `query`
    # in place - confirm against load_watchlist_criteria.
    # NOTE(review): with no criteria options the selection is presumably
    # unfiltered; check what it matches before running a bulk --dismiss.
    load_watchlist_criteria(query, args)

    if args.dismiss:
        submit = query.dismiss
    elif args.undismiss:
        # Undismissing goes through query.update().
        submit = query.update
    else:
        # argparse already rejects a command line with neither flag
        # (required=True), so this is only a backstop.
        raise NotImplementedError("one of --dismiss or --undismiss must be specified")
    reqid = submit(args.remediation, args.comment)

    print("Submitted query with ID {0}".format(reqid))
    statobj = cb.select(WorkflowStatus, reqid)
    # Re-checked once a second with no upper bound on the wait.
    # NOTE(review): this relies on `finished` reflecting server state on
    # each read - confirm in WorkflowStatus.
    while not statobj.finished:
        print("Waiting...")
        sleep(1)
github carbonblack / cbapi-python / examples / psc / list_vmware_alerts.py View on Github external
def main():
    """Print a table of the VMware alerts selected on the command line.

    Columns are ID, hostname, threat ID and last update time; the rows can
    be ordered with ``--sort_by``, optionally reversed with ``--reverse``.
    """
    cli = build_cli_parser("List VMware alerts")
    setup_parser_with_vmware_criteria(cli)
    cli.add_argument("-S", "--sort_by", help="Field to sort the output by")
    cli.add_argument("-R", "--reverse", action="store_true", help="Reverse order of sort")

    opts = cli.parse_args()
    api = get_cb_psc_object(opts)

    selection = api.select(VMwareAlert)
    # Return value unused; the helper presumably narrows `selection` in
    # place - confirm against load_vmware_criteria.
    load_vmware_criteria(selection, opts)
    if opts.sort_by:
        selection = selection.sort_by(opts.sort_by, "DESC" if opts.reverse else "ASC")

    # All results are collected before the header is printed.
    found = list(selection)
    row = "{0:40} {1:40s} {2:40s} {3}"
    print(row.format("ID", "Hostname", "Threat ID", "Last Updated"))
    for alert in found:
        # Missing hostname / threat ID get a placeholder, because the 's'
        # format code needs a string. Values are printed as returned.
        cells = (
            alert.id,
            alert.device_name or "None",
            alert.threat_id or "Unknown",
            alert.last_update_time,
        )
        print(row.format(*cells))
github carbonblack / cbapi-python / examples / psc / list_alerts.py View on Github external
def main():
    """Print a table of the alerts selected on the command line.

    Queries BaseAlert with the basic criteria options and prints one row
    per alert: ID, hostname, threat ID and last update time.
    """
    cli = build_cli_parser("List alerts")
    setup_parser_with_basic_criteria(cli)
    cli.add_argument("-S", "--sort_by", help="Field to sort the output by")
    cli.add_argument("-R", "--reverse", action="store_true", help="Reverse order of sort")

    opts = cli.parse_args()
    api = get_cb_psc_object(opts)

    selection = api.select(BaseAlert)
    # Return value unused; the helper presumably narrows `selection` in
    # place - confirm against load_basic_criteria.
    load_basic_criteria(selection, opts)
    if opts.sort_by:
        if opts.reverse:
            order = "DESC"
        else:
            order = "ASC"
        selection = selection.sort_by(opts.sort_by, order)

    # All results are collected before the header is printed.
    found = list(selection)
    layout = "{0:40} {1:40s} {2:40s} {3}"
    print(layout.format("ID", "Hostname", "Threat ID", "Last Updated"))
    for alert in found:
        # Placeholders stand in for a missing hostname or threat ID; the
        # values themselves are printed as returned by the API object.
        print(
            layout.format(
                alert.id,
                alert.device_name or "None",
                alert.threat_id or "Unknown",
                alert.last_update_time,
            )
        )
github carbonblack / cbapi-python / examples / psc / bulk_update_alerts.py View on Github external
def main():
    """Dismiss or undismiss the alerts selected on the command line.

    One bulk request covers every BaseAlert the criteria options select;
    its WorkflowStatus is then polled. The excerpt ends inside the polling
    step, so result reporting is not shown.
    """
    parser = build_cli_parser("Bulk update the status of alerts")
    setup_parser_with_basic_criteria(parser)
    parser.add_argument(
        "-R", "--remediation",
        help="Remediation message to store for the selected alerts",
    )
    parser.add_argument(
        "-C", "--comment",
        help="Comment message to store for the selected alerts",
    )
    # Exactly one of --dismiss / --undismiss must be given.
    operation = parser.add_mutually_exclusive_group(required=True)
    operation.add_argument("--dismiss", action="store_true", help="Dismiss all selected alerts")
    operation.add_argument("--undismiss", action="store_true", help="Undismiss all selected alerts")

    args = parser.parse_args()
    cb = get_cb_psc_object(args)

    query = cb.select(BaseAlert)
    # NOTE(review): the helper's return value is ignored, so it presumably
    # narrows `query` in place; with no criteria options the selection is
    # presumably every alert - confirm before a bulk --dismiss.
    load_basic_criteria(query, args)

    if not (args.dismiss or args.undismiss):
        # Backstop only: argparse enforces the required group first.
        raise NotImplementedError("one of --dismiss or --undismiss must be specified")
    # --dismiss takes precedence; undismissing goes through query.update().
    submit = query.dismiss if args.dismiss else query.update
    reqid = submit(args.remediation, args.comment)

    print("Submitted query with ID {0}".format(reqid))
    statobj = cb.select(WorkflowStatus, reqid)
    # Polls once a second and never times out.
    # NOTE(review): assumes `finished` re-reads server state - confirm.
    while not statobj.finished:
        print("Waiting...")
        sleep(1)
github carbonblack / cbapi-python / examples / psc / list_watchlist_alerts.py View on Github external
def main():
    """Print a table of the watchlist alerts selected on the command line.

    Useful as a read-only view of what a set of watchlist criteria matches:
    one row per alert with ID, hostname, threat ID and last update time.
    """
    cli = build_cli_parser("List watchlist alerts")
    setup_parser_with_watchlist_criteria(cli)
    cli.add_argument("-S", "--sort_by", help="Field to sort the output by")
    cli.add_argument("-R", "--reverse", action="store_true", help="Reverse order of sort")

    opts = cli.parse_args()
    api = get_cb_psc_object(opts)

    selection = api.select(WatchlistAlert)
    # Return value unused; the helper presumably narrows `selection` in
    # place - confirm against load_watchlist_criteria.
    load_watchlist_criteria(selection, opts)
    if opts.sort_by:
        selection = selection.sort_by(opts.sort_by, "DESC" if opts.reverse else "ASC")

    # All results are collected before the header is printed.
    found = list(selection)
    template = "{0:40} {1:40s} {2:40s} {3}"
    print(template.format("ID", "Hostname", "Threat ID", "Last Updated"))
    for alert in found:
        # Placeholders cover a missing hostname or threat ID.
        cells = (
            alert.id,
            alert.device_name or "None",
            alert.threat_id or "Unknown",
            alert.last_update_time,
        )
        print(template.format(*cells))
github carbonblack / cbapi-python / examples / psc / bulk_update_cbanalytics_alerts.py View on Github external
def main():
    """Dismiss or undismiss the CB Analytics alerts selected on the command line.

    One bulk request covers every CBAnalyticsAlert the criteria options
    select; its WorkflowStatus is then polled. The excerpt ends inside the
    polling step, so result reporting is not shown.
    """
    parser = build_cli_parser("Bulk update the status of CB Analytics alerts")
    setup_parser_with_cbanalytics_criteria(parser)
    message_options = (
        ("-R", "--remediation", "Remediation message to store for the selected alerts"),
        ("-C", "--comment", "Comment message to store for the selected alerts"),
    )
    for short_flag, long_flag, text in message_options:
        parser.add_argument(short_flag, long_flag, help=text)
    # Exactly one of --dismiss / --undismiss must be given.
    operation = parser.add_mutually_exclusive_group(required=True)
    operation.add_argument("--dismiss", action="store_true", help="Dismiss all selected alerts")
    operation.add_argument("--undismiss", action="store_true", help="Undismiss all selected alerts")

    args = parser.parse_args()
    cb = get_cb_psc_object(args)

    query = cb.select(CBAnalyticsAlert)
    # NOTE(review): the helper's return value is ignored, so it presumably
    # narrows `query` in place; with no criteria options the selection is
    # presumably every CB Analytics alert - confirm before a bulk --dismiss.
    load_cbanalytics_criteria(query, args)

    if args.dismiss:
        submit = query.dismiss
    elif args.undismiss:
        # Undismissing goes through query.update().
        submit = query.update
    else:
        # Backstop only: argparse enforces the required group first.
        raise NotImplementedError("one of --dismiss or --undismiss must be specified")
    reqid = submit(args.remediation, args.comment)

    print("Submitted query with ID {0}".format(reqid))
    statobj = cb.select(WorkflowStatus, reqid)
    # Polls once a second and never times out.
    # NOTE(review): assumes `finished` re-reads server state - confirm.
    while not statobj.finished:
        print("Waiting...")
        sleep(1)
github carbonblack / cbapi-python / examples / psc / device_control.py View on Github external
subparsers.add_parser("uninstall", help="Uninstall sensor")

    quarantine_p = subparsers.add_parser("quarantine", help="Set quarantine mode")
    toggle = quarantine_p.add_mutually_exclusive_group(required=True)
    toggle.add_argument("--on", action="store_true", help="Enable quarantine mode")
    toggle.add_argument("--off", action="store_true", help="Disable quarantine mode")

    policy_p = subparsers.add_parser("policy", help="Update policy for node")
    policy_p.add_argument("-p", "--policy_id", type=int, required=True, help="New policy ID to set for node")

    sensorv_p = subparsers.add_parser("sensor_version", help="Update sensor version for node")
    sensorv_p.add_argument("-o", "--os", required=True, help="Operating system for sensor")
    sensorv_p.add_argument("-V", "--version", required=True, help="Version number of sensor")

    args = parser.parse_args()
    cb = get_cb_psc_object(args)
    dev = cb.select(Device, args.device_id)

    if args.command:
        if args.command == "background_scan":
            dev.background_scan(toggle_value(args))
        elif args.command == "bypass":
            dev.bypass(toggle_value(args))
        elif args.command == "delete":
            dev.delete_sensor()
        elif args.command == "uninstall":
            dev.uninstall_sensor()
        elif args.command == "quarantine":
            dev.quarantine(toggle_value(args))
        elif args.command == "policy":
            dev.update_policy(args.policy_id)
        elif args.command == "sensor_version":
github carbonblack / cbapi-python / examples / psc / bulk_update_threat_alerts.py View on Github external
def main():
    parser = build_cli_parser("Bulk update the status of alerts by threat ID")
    parser.add_argument("-T", "--threatid", action="append", type=str, required=True,
                        help="Threat IDs to update the alerts for")
    parser.add_argument("-R", "--remediation", help="Remediation message to store for the selected alerts")
    parser.add_argument("-C", "--comment", help="Comment message to store for the selected alerts")
    operation = parser.add_mutually_exclusive_group(required=True)
    operation.add_argument("--dismiss", action="store_true", help="Dismiss all selected alerts")
    operation.add_argument("--undismiss", action="store_true", help="Undismiss all selected alerts")

    args = parser.parse_args()
    cb = get_cb_psc_object(args)

    if args.dismiss:
        reqid = cb.bulk_threat_dismiss(args.threatid, args.remediation, args.comment)
    elif args.undismiss:
        reqid = cb.bulk_threat_update(args.threatid, args.remediation, args.comment)
    else:
        raise NotImplementedError("one of --dismiss or --undismiss must be specified")

    print("Submitted query with ID {0}".format(reqid))
    statobj = cb.select(WorkflowStatus, reqid)
    while not statobj.finished:
        print("Waiting...")
        sleep(1)
    if statobj.errors:
        print("Errors encountered:")
        for err in statobj.errors: