1. Advisor
  2. cbapi
  3. functions
  4. cbapi.response.CbEnterpriseResponseAPI
View all cbapi analysis

How to use the cbapi.response.CbEnterpriseResponseAPI function in cbapi

To help you get started, we’ve selected a few cbapi examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github redcanaryco / cb-response-surveyor / surveyor.py View on Github external
err('defdir does not exist')
      sys.exit(1)
    for root, dirs, files in os.walk(args.defdir):
      for filename in files:
        if filename.endswith('.json'):
          definition_files.append(os.path.join(root, filename))
    
  if _python3:
    output_file = open(output_filename, 'w', newline='')
  else:
    output_file = open(output_filename, 'wb')
  writer = csv.writer(output_file)
  writer.writerow(["endpoint","username","process_path","cmdline","program","source"])

  if args.profile:
    cb = CbEnterpriseResponseAPI(profile=args.profile)
  else:
    cb = CbEnterpriseResponseAPI()

  if args.query:
    log("Processing query", newline='')
    result_set = process_search(cb, args.query, query_base)

    result_count = len(result_set)
    log(': %s results' % result_count)

    for r in result_set:
      row = [r[0], r[1], r[2], r[3], args.query, 'query']
      if _python3 == False:
        row = [col.encode('utf8') if isinstance(col, unicode) else col for col in row]
      writer.writerow(row)
  elif args.iocfile:
github redcanaryco / redcanary-response-utils / usb-util.py View on Github external
# Output options
    parser.add_argument("--timestamps", action="store_true",
                        help="Include timestamps in results.")

    args = parser.parse_args()

    if args.queryfile:
        sys.exit("queryfile not supported in this utility")

    if args.prefix:
        output_filename = '%s-usbstor.csv' % args.prefix
    else:
        output_filename = 'usbstor.csv'

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    output_file = open(output_filename, 'w')
    writer = csv.writer(output_file, quoting=csv.QUOTE_ALL)

    header_row = ['endpoint', 'vendor', 'product', 'version', 'serial']
    if args.timestamps == True:
        header_row.insert(0, 'timestamp')
    writer.writerow(header_row)

    for term in search_terms:
        query = 'process_name:ntoskrnl.exe regmod:%s' % term

        if args.days:
            query += ' last_update:-%dm' % (args.days*1440)
github carbonblack / cbapi-python / src / cbapi / live_response_api.py View on Github external
raise LiveResponseError(res)
        else:
            time.sleep(delay)

    raise TimeoutError(uri=url, message="timeout polling for Live Response")


if __name__ == "__main__":
    from cbapi.response import CbEnterpriseResponseAPI
    import logging
    root = logging.getLogger()
    root.addHandler(logging.StreamHandler())

    logging.getLogger("cbapi").setLevel(logging.DEBUG)

    c = CbEnterpriseResponseAPI()
    j = GetFileJob(r"c:\test.txt")
    with c.select(Sensor, 3).lr_session() as lr_session:
        file_contents = lr_session.get_file(r"c:\test.txt")

    future = c.live_response.submit_job(j.run, 3)
    wait([future, ])
    print(future.result())
github redcanaryco / redcanary-response-utils / usb-util.py View on Github external
help="Include timestamps in results.")

    args = parser.parse_args()

    if args.queryfile:
        sys.exit("queryfile not supported in this utility")

    if args.prefix:
        output_filename = '%s-usbstor.csv' % args.prefix
    else:
        output_filename = 'usbstor.csv'

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    output_file = open(output_filename, 'w')
    writer = csv.writer(output_file, quoting=csv.QUOTE_ALL)

    header_row = ['endpoint', 'vendor', 'product', 'version', 'serial']
    if args.timestamps == True:
        header_row.insert(0, 'timestamp')
    writer.writerow(header_row)

    for term in search_terms:
        query = 'process_name:ntoskrnl.exe regmod:%s' % term

        if args.days:
            query += ' last_update:-%dm' % (args.days*1440)
        elif args.minutes:
            query += ' last_update:-%dm' % args.minutes
github redcanaryco / redcanary-response-utils / process-util.py View on Github external
output_filename = 'processes.csv'

    if args.append == True or args.queryfile is not None:
        file_mode = 'a'
    else:
        file_mode = 'w'

    if args.days:
        query_base = ' start:-{0}m'.format(args.days*1440)
    elif args.minutes:
        query_base = ' start:-{0}m'.format(args.minutes)
    else:
        query_base = ''

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    if args.groupby:
        groupby = args.groupby
    else:
        groupby = None

    queries = []
    if args.query:
        queries.append(args.query)
    elif args.queryfile:
        with open(args.queryfile, 'r') as f:
            for query in f.readlines():
                queries.append(query.strip())
        f.close()
github redcanaryco / redcanary-response-utils / timeline.py View on Github external
# argparse foolery, by all means . . .
    if args.filemods == False and \
       args.netconns == False and \
       args.processes == False and \
       args.regmods == False:
        (filemods, netconns, processes, regmods) = (True, True, True, True)
    else:
        filemods = args.filemods
        netconns = args.netconns
        processes = args.processes
        regmods = args.regmods

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    queries = []
    if args.query:
        queries.append(args.query)
    elif args.queryfile:
        with open(args.queryfile, 'r') as f:
            for query in f.readlines():
                queries.append(query.strip())
        f.close()
    else:
        queries.append('')

    file = open(filename, file_mode)
    writer = csv.writer(file)
    writer.writerow(["event_type",
                     "timestamp",
github redcanaryco / redcanary-response-utils / timeline.py View on Github external
# all to True. If any are set to True, then evaluate each independently.
    # If you're reading this and know of a cleaner way to do this, ideally via
    # argparse foolery, by all means . . .
    if args.filemods == False and \
       args.netconns == False and \
       args.processes == False and \
       args.regmods == False:
        (filemods, netconns, processes, regmods) = (True, True, True, True)
    else:
        filemods = args.filemods
        netconns = args.netconns
        processes = args.processes
        regmods = args.regmods

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    queries = []
    if args.query:
        queries.append(args.query)
    elif args.queryfile:
        with open(args.queryfile, 'r') as f:
            for query in f.readlines():
                queries.append(query.strip())
        f.close()
    else:
        queries.append('')

    file = open(filename, file_mode)
    writer = csv.writer(file)
github redcanaryco / redcanary-response-utils / sensor-util.py View on Github external
help="Count processes associated with this sensor.")
    parser.add_argument("--tamper-count", action="store_true",
                        help="Count tamper events associated with this sensor.")

    parser.add_argument("--checkin-ip", action="store_true",
                        help="Return the latest public IP associated with the sensor.")

    args = parser.parse_args()

    if args.prefix:
        output_filename = '%s-sensors.csv' % args.prefix
    else:
        output_filename = 'sensors.csv'

    if args.profile:
        cb = CbEnterpriseResponseAPI(profile=args.profile)
    else:
        cb = CbEnterpriseResponseAPI()

    output_file = open(output_filename, 'w')
    writer = csv.writer(output_file, quoting=csv.QUOTE_ALL)

    header_row = ['computer_name', 
                  'computer_dns_name',
                  'sensor_group_id',
                  'os',
                  'os_type',
                  'computer_sid',
                  'last_checkin_time',
                  'registration_time',
                  'network_adapters',
                  'id',

cbapi

Carbon Black REST API Python Bindings

GitHub
MIT
Latest version published 3 months ago

Package Health Score

67 / 100
Full package analysis

Popular cbapi functions

Similar packages