From df357c7c9ef606fada4f42fb4760c88d9f899072 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Dec 2021 20:30:27 +0000 Subject: [PATCH 01/11] Bump lxml in /examples/threathunter/threat_intelligence Bumps [lxml](https://github.com/lxml/lxml) from 4.6.3 to 4.6.5. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-4.6.3...lxml-4.6.5) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- examples/threathunter/threat_intelligence/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/threathunter/threat_intelligence/requirements.txt b/examples/threathunter/threat_intelligence/requirements.txt index 50835151..eb1beb53 100644 --- a/examples/threathunter/threat_intelligence/requirements.txt +++ b/examples/threathunter/threat_intelligence/requirements.txt @@ -2,7 +2,7 @@ cybox==2.1.0.18 dataclasses>=0.6 cabby==0.1.20 stix==1.2.0.7 -lxml==4.6.3 +lxml==4.6.5 urllib3>=1.24.2 cbapi>=1.5.6 python_dateutil==2.8.1 From 5cae382b0335755eda68dab4f657d4037ca02182 Mon Sep 17 00:00:00 2001 From: Filipe Spencer Date: Thu, 16 Dec 2021 18:27:25 +0000 Subject: [PATCH 02/11] Wrap has_legacy_partition check with try/except --- src/cbapi/response/rest_api.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/cbapi/response/rest_api.py b/src/cbapi/response/rest_api.py index 408bdc78..fd8143c8 100644 --- a/src/cbapi/response/rest_api.py +++ b/src/cbapi/response/rest_api.py 
@@ -7,7 +7,7 @@ from distutils.version import LooseVersion from ..connection import BaseAPI from .models import Process, Binary, Watchlist, Investigation, Alert, ThreatReport, StoragePartition -from ..errors import UnauthorizedError, ApiError +from ..errors import UnauthorizedError, ApiError, ClientError from .cblr import LiveResponseSessionManager from .query import Query @@ -49,10 +49,19 @@ def __init__(self, *args, **kwargs): raise ApiError("CbEnterpriseResponseAPI only supports Cb servers version >= 5.0.0") self._has_legacy_partitions = False - if self.cb_server_version >= LooseVersion('6.0'): - legacy_partitions = [p for p in self.select(StoragePartition) if p.info.get("isLegacy", False)] - if legacy_partitions: - self._has_legacy_partitions = True + try: + if self.cb_server_version >= LooseVersion('6.0'): + legacy_partitions = [p for p in self.select(StoragePartition) if p.info.get("isLegacy", False)] + if legacy_partitions: + self._has_legacy_partitions = True + except ClientError as ce: + # If we get a 403 on this endpoint, ignore during init, + # as we will not be able to work with StoragePartitions regardless + # https://github.com/carbonblack/cbapi-python/issues/303 + if ce.error_code == 403: + pass + else: + raise ce # no intervention self._lr_scheduler = None From fdf161677a25b64e3d41e093a8cd5a739da127bf Mon Sep 17 00:00:00 2001 
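Review bot: The 403 branch of the new `except ClientError` handler drops the error with `pass` and leaves `_has_legacy_partitions` at `False` with no trace, so a credential that lacks access to storage partitions looks the same as a server that has no legacy partitions. If later queries use that flag to decide whether legacy partitions are searched (not visible in this hunk), an analyst could get silently incomplete results; record the condition at that point, for example `log.warning("403 on StoragePartition lookup; legacy partition detection skipped")`, using whatever logger the module already has. In the `else` branch a bare `raise` is the idiomatic re-raise instead of `raise ce`. The `try` would be easier to audit if it wrapped only the `self.select(StoragePartition)` comprehension and not the version comparison as well. `__init__` starts and ends outside the hunk.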
From: Amy Bowersox Date: Wed, 10 Feb 2021 16:07:16 -0700 Subject: [PATCH 03/11] CBAPI-1821 - initial pass on .rst files --- docs/concepts.rst | 10 +++++----- docs/defense-api.rst | 8 ++++---- docs/getting-started.rst | 6 ++++-- docs/index.rst | 14 ++++++++------ docs/installation.rst | 4 +--- docs/live-response.rst | 2 +- docs/livequery-api.rst | 10 ++++------ docs/livequery-examples.rst | 19 ++++++++++++------- docs/protection-api.rst | 3 --- docs/psc-api.rst | 20 +++++++++----------- docs/response-api.rst | 6 ------ docs/response-examples.rst | 14 +++++--------- docs/threathunter-api.rst | 13 ++++++------- 13 files changed, 59 insertions(+), 70 deletions(-) diff --git a/docs/concepts.rst b/docs/concepts.rst index 051e8796..ca093db9 100644 --- a/docs/concepts.rst +++ b/docs/concepts.rst @@ -62,9 +62,9 @@ Joining Model Objects --------------------- Many times, there are relationships between different Model Objects. To make navigating these relationships easy, -cbapi provides special properties to "join" Model Objects together. For example, a :py:mod:`cbapi.response.models.Process` -Model Object can reference the :py:mod:`cbapi.response.models.Sensor` or :py:mod:`cbapi.response.models.Binary` -associated with this Process. +cbapi provides special properties to "join" Model Objects together. For example, a +:py:mod:`cbapi.response.models.Process` Model Object can reference the :py:mod:`cbapi.response.models.Sensor` or +:py:mod:`cbapi.response.models.Binary` associated with this Process. In this case, special "join" properties are provided for you. When you use one of these properties, cbapi will automatically retrieve the associated Model Object, if necessary. 
@@ -186,8 +186,8 @@ represent these data types can be "created" in cbapi by using the ``create()`` m If you attempt to create a Model Object that cannot be created, you will receive a :py:mod:`ApiError` exception. -Once a Model Object is created, it's blank (it has no data). You will need to set the required properties and then call the -``.save()`` method:: +Once a Model Object is created, it's blank (it has no data). You will need to set the required properties and then call +the ``.save()`` method:: >>> bh = cb.create(BannedHash) >>> bh.text = "Banned from API" diff --git a/docs/defense-api.rst b/docs/defense-api.rst index cbf012ab..88b99d50 100644 --- a/docs/defense-api.rst +++ b/docs/defense-api.rst @@ -1,14 +1,14 @@ .. _defense_api: -CB Defense API -============== +Cloud Endpoint Standard API +=========================== -This page documents the public interfaces exposed by cbapi when communicating with a CB Defense server. +This page documents the public interfaces exposed by cbapi when communicating with a Cloud Endpoint Standard server. Main Interface -------------- -To use cbapi with Carbon Black Defense, you will be using the CBDefenseAPI. +To use cbapi with VMware Carbon Black Cloud Endpoint Standard, you will be using the CBDefenseAPI. The CBDefenseAPI object then exposes two main methods to select data on the Carbon Black server: .. autoclass:: cbapi.psc.defense.rest_api.CbDefenseAPI diff --git a/docs/getting-started.rst b/docs/getting-started.rst index 7561d356..5586cd42 100644 --- a/docs/getting-started.rst +++ b/docs/getting-started.rst 
@@ -4,7 +4,8 @@ Getting Started First, let's make sure that your API authentication tokens have been imported into cbapi. Once that's done, then read on for the key concepts that will explain how to interact with Carbon Black APIs via cbapi. -Feel free to follow along with this document or watch the `Development Environment Setup video `_ +Feel free to follow along with this document or watch the +`Development Environment Setup video `_ on the Developer Network website. API Authentication @@ -36,7 +37,8 @@ Alternatively, if you're using Windows (change ``c:\python27`` if Python is inst This configuration script will walk you through entering your API credentials and will save them to your current user's credential file location, which is located in the ``.carbonblack`` directory in your user's home directory. -If using cbapi-psc, you will also be asked to provide an org key. An org key is required to access the Carbon Black Cloud, and can be found in the console under Settings -> API Keys. +If using cbapi-psc, you will also be asked to provide an org key. An org key is required to access the Carbon Black +Cloud, and can be found in the console under Settings -> API Keys. Your First Query ---------------- diff --git a/docs/index.rst b/docs/index.rst index 644141c5..e0403713 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -116,7 +116,7 @@ Major Features API Credentials --------------- -CBAPI version 0.9.0 enforces the use of credential files. +CBAPI version 0.9.0 enforces the use of credential files. In order to perform any queries via the API, you will need to get the API token for your CB user. See the documentation on the Developer Network website on how to acquire the API token for 
@@ -130,13 +130,15 @@ Once you acquire your API token, place it in one of the default credentials file * ``~/.carbonblack/`` * ``/current_working_directory/.carbonblack/`` -For distinction between credentials of different Carbon Black products, use the following naming convention for your credentials files: +For distinction between credentials of different Carbon Black products, use the following naming convention for your +credentials files: * ``credentials.psc`` for Carbon Black Cloud Endpoint Standard, Audit & Remediation, and Enterprise EDR (CB Defense, CB LiveOps, and CB ThreatHunter) * ``credentials.response`` for Carbon Black EDR (CB Response) * ``credentials.protection`` for Carbon Black App Control (CB Protection) -For example, if you use a Carbon Black Cloud product, you should have created a credentials file in one of these locations: +For example, if you use a Carbon Black Cloud product, you should have created a credentials file in one of these +locations: * ``/etc/carbonblack/credentials.psc`` * ``~/.carbonblack/credentials.psc`` @@ -188,8 +190,8 @@ The latest CBAPI for Python supports specifying API credentials in the following The `CBAPI_URL` envar holds the FQDN of the target, an EDR (CbR), CBD, or CbD/Carbon Black Cloud server specified just as they are in the configuration file format specified above. -The optional `CBAPI_SSL_VERIFY` envar can be used to control SSL validation(True/False or 0/1), which will default to ON when -not explicitly set by the user. +The optional `CBAPI_SSL_VERIFY` envar can be used to control SSL validation(True/False or 0/1), which will default to +ON when not explicitly set by the user. For environments where complex outbound network filters and proxy configurations are used (eg. anything other than an unauthenticated or basic password authenticated proxy) a prepared `requests.Session` object may be supplied as a 
@@ -239,7 +241,7 @@ API Documentation ----------------- Once you have read the User Guide, you can view `examples on GitHub `_ -or try writing code of your own. You can use the full API documentation below to see all the methods available in CBAPI +or try writing code of your own. You can use the full API documentation below to see all the methods available in CBAPI and unlock the full functionality of the SDK. .. toctree:: diff --git a/docs/installation.rst b/docs/installation.rst index 7491f46b..2168e8dc 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -39,8 +39,7 @@ https://www.python.org/ftp/python/3.6.4/python-3.6.4-amd64.exe. :alt: Windows installation options showing "Add python.exe to path" :align: right -Ensure that the "Add Python to PATH" option is -checked. +Ensure that the "Add Python to PATH" option is checked. If for some reason you do not have pip installed, follow the instructions at this `handy guide `_. @@ -75,4 +74,3 @@ Once you have a copy of the source, you can install it in "development" mode int This will link the version of cbapi-python you checked out into your Python site-packages directory. Any changes you make to the checked out version of cbapi will be reflected in your local Python installation. This is a good choice if you are thinking of changing or developing on cbapi itself. - diff --git a/docs/live-response.rst b/docs/live-response.rst index 3da7e256..ddc08fd5 100644 --- a/docs/live-response.rst +++ b/docs/live-response.rst 
@@ -1,7 +1,7 @@ CbAPI and Live Response ======================= -Working with the CB Live Response REST API directly can be difficult. Thankfully, just like the rest of Carbon +Working with the Live Response REST API directly can be difficult. Thankfully, just like the rest of Carbon Black's REST APIs, cbapi provides Pythonic APIs to make working with the Live Response API much easier. In addition to easy-to-use APIs to call into Live Response, cbapi also provides a "job-based" interface that allows diff --git a/docs/livequery-api.rst b/docs/livequery-api.rst index d80bb872..faec5929 100644 --- a/docs/livequery-api.rst +++ b/docs/livequery-api.rst @@ -1,10 +1,9 @@ .. _livequery_api: CB LiveQuery API -=================== +================ -This page documents the public interfaces exposed by cbapi when communicating with -Carbon Black LiveQuery devices. +This page documents the public interfaces exposed by cbapi when communicating with Carbon Black LiveQuery devices. Main Interface -------------- @@ -20,9 +19,8 @@ The LiveQuery API is used in two stages: run submission and result retrieval. Queries ------- -The LiveQuery API uses QueryBuilder instances to construct structured -or unstructured (i.e., raw string) queries. You can either construct these -instances manually, or allow ``CbLiveQueryAPI.select()`` to do it for you: +The LiveQuery API uses QueryBuilder instances to construct structured or unstructured (i.e., raw string) queries. +You can either construct these instances manually, or allow ``CbLiveQueryAPI.select()`` to do it for you: .. autoclass:: cbapi.psc.livequery.query.QueryBuilder :members: diff --git a/docs/livequery-examples.rst b/docs/livequery-examples.rst index a786889f..f3f88262 100644 --- a/docs/livequery-examples.rst +++ b/docs/livequery-examples.rst 
@@ -14,14 +14,14 @@ Now that we've imported the necessary libraries, we can perform some queries on Create a Query Run ---------------------------------- -Let's create a Query Run. First, we specify which profile to use for authentication from our credentials.psc file and create the LiveQuery object. +Let's create a Query Run. First, we specify which profile to use for authentication from our credentials.psc file and +create the LiveQuery object. >>> profile = "default' >>> cb = CbLiveQueryAPI(profile=profile) Now, we specify the SQL query that we want to run, name of the run, device IDs, and device types. - >>> sql = 'select * from logged_in_users;' >>> name_of_run = 'Selecting all logged in users' >>> device_ids = '1234567' @@ -41,7 +41,8 @@ Finally, we submit the query and print the results. This query should return all logged in Windows endpoints with a ``device_id`` of ``1234567``. -The same query can be executed with the example script `manage_run.py `_. :: +The same query can be executed with the example script +`manage_run.py `_. :: python manage_run.py --profile default create --sql 'select * from logged_in_users;' --name 'Selecting all logged in users' --device_ids '1234567' --device_types 'WINDOWS' @@ -50,7 +51,8 @@ Other possible arguments to ``manage_run.py`` include ``--notify`` and ``--polic Get Query Run Status --------------------- -Now that we've created a Query Run, let's check the status. If we haven't already authenticated with a credentials profile, we begin by specifying which profile to authenticate with. +Now that we've created a Query Run, let's check the status. If we haven't already authenticated with a credentials +profile, we begin by specifying which profile to authenticate with. >>> profile = 'default' >>> cb = CbLiveQueryAPI(profile=profile) 
@@ -61,11 +63,13 @@ Next, we select the run with the unique run ID. >>> run = cb.select(Run, run_id) >>> print(run) -This can also be accomplished with the example script `manage_run.py `_:: +This can also be accomplished with the example script +`manage_run.py `_:: python manage_run.py --profile default --id a4oh4fqtmrr8uxrdj6mm0mbjsyhdhhvz -In addition, you can specify which order you want results returned. To change from the default ascending order, use the flag ``-d`` or ``--descending_results``:: +In addition, you can specify which order you want results returned. To change from the default ascending order, use +the flag ``-d`` or ``--descending_results``:: python manage_run.py --profile default --id a4oh4fqtmrr8uxrdj6mm0mbjsyhdhhvz --descending_results @@ -105,6 +109,7 @@ Finally, we print the results. ... print(result) -You can also retrieve run results with the example script `run_search.py `_:: +You can also retrieve run results with the example script +`run_search.py `_:: python run_search.py --profile default --id a4oh4fqtmrr8uxrdj6mm0mbjsyhdhhvz --device_ids '1234567' --status 'matched' diff --git a/docs/protection-api.rst b/docs/protection-api.rst index b7dd44bf..1799bb5a 100644 --- a/docs/protection-api.rst +++ b/docs/protection-api.rst @@ -3,9 +3,6 @@ Carbon Black App Control (CB Protection) API =========================================== -This page documents the public interfaces exposed by cbapi when communicating with a Carbon Black App Control (Enterprise -Protection) server. - Main Interface -------------- diff --git a/docs/psc-api.rst b/docs/psc-api.rst index 891f3563..25ca80cf 100755 --- a/docs/psc-api.rst +++ b/docs/psc-api.rst 
@@ -1,15 +1,14 @@ .. _psc_api: -CB PSC API -========== +VMware Carbon Black Cloud API +============================= -This page documents the public interfaces exposed by cbapi when communicating with -the Carbon Black Predictive Security Cloud (PSC). +This page documents the public interfaces exposed by cbapi when communicating with the VMware Carbon Black Cloud. Main Interface -------------- -To use cbapi with the Carbon Black PSC, you use CbPSCBaseAPI objects. +To use cbapi with the VMware Carbon Black Cloud, you use CbPSCBaseAPI objects. .. autoclass:: cbapi.psc.rest_api.CbPSCBaseAPI :members: @@ -18,7 +17,7 @@ To use cbapi with the Carbon Black PSC, you use CbPSCBaseAPI objects. Device API ---------- -The PSC can be used to enumerate devices within your organization, and change their +The Carbon Black Cloud can be used to enumerate devices within your organization, and change their status via a control request. You can use the select() method on the CbPSCBaseAPI to create a query object for @@ -45,12 +44,11 @@ Selects all devices running Linux from the current organization. Alerts API ---------- -Using the API, you can search for alerts within your organization, and dismiss or -undismiss them, either individually or in bulk. +Using the API, you can search for alerts within your organization, and dismiss or undismiss them, either individually +or in bulk. -You can use the select() method on the CbPSCBaseAPI to create a query object for -BaseAlert objects, which can be used to locate a list of alerts. You can also -search for more specialized alert types: +You can use the select() method on the CbPSCBaseAPI to create a query object for BaseAlert objects, which can be used +to locate a list of alerts. You can also search for more specialized alert types: * CBAnalyticsAlert - Alerts from CB Analytics * VMwareAlert - Alerts from VMware diff --git a/docs/response-api.rst b/docs/response-api.rst index bca619b8..24761824 100644 --- a/docs/response-api.rst 
+++ b/docs/response-api.rst @@ -3,9 +3,6 @@ EDR (CB Response) API =============== -This page documents the public interfaces exposed by cbapi when communicating with a Carbon Black EDR (Enterprise -Response) server. - Main Interface -------------- @@ -77,6 +74,3 @@ Process Operations .. automethod:: cbapi.live_response_api.CbLRSessionBase.kill_process .. automethod:: cbapi.live_response_api.CbLRSessionBase.create_process .. automethod:: cbapi.live_response_api.CbLRSessionBase.list_processes - - - diff --git a/docs/response-examples.rst b/docs/response-examples.rst index 2ea709b0..6cbd0da1 100644 --- a/docs/response-examples.rst +++ b/docs/response-examples.rst @@ -1,10 +1,6 @@ EDR (CB Response) API Examples ============================== -Now that we've covered the basics, let's step through a few examples using the EDR (CB Response) API. In these examples, -we will assume the following boilerplate code to enable logging and establish a connection to the "default" -EDR (CB Response) server in our credential file:: - >>> import logging >>> root = logging.getLogger() >>> root.addHandler(logging.StreamHandler()) @@ -246,7 +242,7 @@ the command name ``cmd.exe``. Just add the ``.group_by("id")`` filter to your qu Feed and Watchlist Maintenance ------------------------------ -The cbapi provides several helper functions to assist in creating watchlists and +The cbapi provides several helper functions to assist in creating watchlists and feeds. Watchlists are simply saved Queries that are automatically run on the EDR (CB Response) server on a periodic basis. Results of the watchlist are tagged in the database and optionally trigger alerts. Therefore, a cbapi Query can easily be 
@@ -295,9 +291,10 @@ The cbapi provides helper functions to manage alerts and threat reports in bulk. the ThreatReport and Alert Model Objects provide a few bulk operations to help manage large numbers of Threat Reports and Alerts, respectively. -To mark a large number of Threat Reports as false positives, create a query that matches the Reports you're interested in. -For example, if every Report from the Feed named "SOC" that contains the word "FUZZYWOMBAT" in the report title should be -considered a false positive (and no longer trigger Alerts), you can write the following code to do so:: +To mark a large number of Threat Reports as false positives, create a query that matches the Reports you're +interested in. For example, if every Report from the Feed named "SOC" that contains the word "FUZZYWOMBAT" in the +report title should be considered a false positive (and no longer trigger Alerts), you can write the following code +to do so:: >>> feed = c.select(Feed).where("name:SOC").one() >>> report_query = feed.reports.where("title:FUZZYWOMBAT") @@ -429,4 +426,3 @@ How about moving a sensor to a new Sensor Group:: Sending HTTP PUT /api/v1/sensor/3 with {"boot_id": "2", "build_id": 2, "build_version_string": "005.002.000.60922", ... HTTP PUT /api/v1/sensor/3 took 0.087s (response 204) HTTP GET /api/v1/sensor/3 took 0.030s (response 200) - diff --git a/docs/threathunter-api.rst b/docs/threathunter-api.rst index 25a399d5..858aa1ef 100644 --- a/docs/threathunter-api.rst +++ b/docs/threathunter-api.rst 
@@ -1,17 +1,16 @@ .. _threathunter_api: -CB ThreatHunter API -=================== +VMware Carbon Black Cloud Enterprise EDR API +============================================ This page documents the public interfaces exposed by cbapi when communicating with a -Carbon Black Cloud ThreatHunter server. +VMware Carbon Black Cloud Enterprise EDR server. Main Interface -------------- -To use cbapi with Carbon Black ThreatHunter, you use CbThreatHunterAPI objects. -These objects expose two main methods to access data on the -ThreatHunter server: ``select`` and ``create``. +To use cbapi with Enterprise EDR, you use CbThreatHunterAPI objects. +These objects expose two main methods to access data on the Enterprise EDR server: ``select`` and ``create``. .. autoclass:: cbapi.psc.threathunter.rest_api.CbThreatHunterAPI :members: @@ -20,7 +19,7 @@ ThreatHunter server: ``select`` and ``create``. Queries ------- -The ThreatHunter API uses QueryBuilder instances to construct structured +The Enterprise EDR API uses QueryBuilder instances to construct structured or unstructured (i.e., raw string) queries. You can either construct these instances manually, or allow ``CbThreatHunterAPI.select()`` to do it for you: From d5af680a65b0c16fdac719454b7db3a1573b6e3f Mon Sep 17 00:00:00 2001 From: Amy Bowersox Date: Thu, 11 Feb 2021 11:40:59 -0700 Subject: [PATCH 04/11] CBAPI-1821: additional terminology removal and change, including in docstrings --- docs/index.rst | 6 +-- docs/live-response.rst | 1 - src/cbapi/protection/rest_api.py | 32 +++++++------- src/cbapi/psc/defense/rest_api.py | 15 +++---- src/cbapi/psc/threathunter/models.py | 10 ++--- src/cbapi/psc/threathunter/query.py | 8 ++-- src/cbapi/psc/threathunter/rest_api.py | 6 +-- src/cbapi/response/models.py | 58 +++++++++++++------------- src/cbapi/response/query.py | 8 ++-- src/cbapi/response/rest_api.py | 21 +++++----- 10 files changed, 82 insertions(+), 83 deletions(-) 
diff --git a/docs/index.rst b/docs/index.rst index e0403713..4fbc9f57 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -13,7 +13,7 @@ This library provides a Pythonic layer to access the raw power of the REST APIs >>> from cbapi.response import CbResponseAPI, Process, Binary, Sensor >>> # - >>> # Create our CbAPI object + >>> # Create our EDR API object >>> # >>> c = CbResponseAPI() >>> # @@ -43,7 +43,7 @@ If you're a Carbon Black App Control customer (formerly CB Protection), you may >>> from cbapi.protection.models import FileInstance >>> from cbapi.protection import CbProtectionAPI >>> # - >>> # Create our CB Protection API object + >>> # Create our App Control API object >>> # >>> p = CbProtectionAPI() >>> # @@ -65,7 +65,7 @@ As of version 1.2, CBAPI also supports Carbon Black Cloud Endpoint Standard (for >>> from cbapi.psc.defense import * >>> # - >>> # Create our CB Defense API object + >>> # Create our Cloud Endpoint Standard API object >>> # >>> p = CbDefenseAPI() >>> # diff --git a/docs/live-response.rst b/docs/live-response.rst index ddc08fd5..69c87fb7 100644 --- a/docs/live-response.rst +++ b/docs/live-response.rst @@ -92,4 +92,3 @@ back from the endpoint, and submit the ``.run()`` method to the Live Response Jo Your script resumes execution immediately after the call to ``.submit_job()``. The job(s) that you've submitted will be executed in a set of background threads managed by cbapi. - diff --git a/src/cbapi/protection/rest_api.py b/src/cbapi/protection/rest_api.py index f3fa6c0a..3ee1f166 100644 --- a/src/cbapi/protection/rest_api.py +++ b/src/cbapi/protection/rest_api.py 
@@ -11,15 +11,15 @@ class CbProtectionAPI(BaseAPI): - """The main entry point into the Carbon Black Enterprise Protection API. + """The main entry point into the Carbon Black App Control API. :param str profile: (optional) Use the credentials in the named profile when connecting to the Carbon Black server. Uses the profile named 'default' when not specified. Usage:: - >>> from cbapi import CbEnterpriseProtectionAPI - >>> cb = CbEnterpriseProtectionAPI(profile="production") + >>> from cbapi import CbProtectionAPI + >>> cb = CbProtectionAPI(profile="production") """ def __init__(self, *args, **kwargs): super(CbProtectionAPI, self).__init__(product_name="protection", *args, **kwargs) @@ -76,11 +76,11 @@ class CbEnterpriseProtectionAPI(CbProtectionAPI): class Query(PaginatedQuery): - """Represents a prepared query to the Carbon Black Enterprise Protection server. + """Represents a prepared query to the Carbon Black App Control server. - This object is returned as part of a :py:meth:`CbEnterpriseProtectionAPI.select` + This object is returned as part of a :py:meth:`CbProtectionAPI.select` operation on models requested from the Carbon Black - Enterprise Protection server. You should not have to create this class yourself. + App Control server. You should not have to create this class yourself. The query is not executed on the server until it's accessed, either as an iterator (where it will generate values on demand as they're requested) or as a list (where it will retrieve the entire result set and save to a list). 
@@ -88,12 +88,12 @@ class Query(PaginatedQuery): the query. The syntax for query :py:meth:where and :py:meth:sort methods can be found in the - `Enterprise Protection API reference`_ posted on the Carbon Black Developer Network website. + `App Control REST API reference`_ posted on the Carbon Black Developer Network website. Examples:: - >>> from cbapi.protection import CbEnterpriseProtectionAPI, Computer - >>> cb = CbEnterpriseProtectionAPI() + >>> from cbapi.protection import CbProtectionAPI, Computer + >>> cb = CbProtectionAPI() >>> query = cb.select(Computer) # returns a Query object matching all Computers >>> query = query.where("ipAddress:10.201.2.*") # add a filter to this Query >>> query = query.sort("processorSpeed DESC") # sort by computer processor speed, descending @@ -108,7 +108,7 @@ class Query(PaginatedQuery): - You can chain where clauses together to create AND queries; only objects that match all ``where`` clauses will be returned. - .. _Enterprise Protection API reference: + .. _App Control REST API reference: https://developer.carbonblack.com/reference/enterprise-protection/8.0/rest-api/ """ def __init__(self, doc_class, cb, query=None): @@ -134,11 +134,11 @@ def _clone(self): def where(self, q): """Add a filter to this query. - :param str q: Query string - see the `Enterprise Protection API reference`_. + :param str q: Query string - see the `App Control REST API reference`_. :return: Query object :rtype: :py:class:`Query` - .. _Enterprise Protection API reference: + .. _App Control REST API reference: https://developer.carbonblack.com/reference/enterprise-protection/8.0/rest-api/ """ nq = self._clone() 
@@ -148,11 +148,11 @@ def where(self, q): def and_(self, q): """Add a filter to this query. Equivalent to calling :py:meth:`where` on this object. - :param str q: Query string - see the `Enterprise Protection API reference`_. + :param str q: Query string - see the `App Control REST API reference`_. :return: Query object :rtype: :py:class:`Query` - .. _Enterprise Protection API reference: + .. _App Control REST API reference: https://developer.carbonblack.com/reference/enterprise-protection/8.0/rest-api/ """ return self.where(q) @@ -160,11 +160,11 @@ def and_(self, q): def sort(self, new_sort): """Set the sort order for this query. - :param str new_sort: Sort order - see the `Enterprise Protection API reference`_. + :param str new_sort: Sort order - see the `App Control REST API reference`_. :return: Query object :rtype: :py:class:`Query` - .. _Enterprise Protection API reference: + .. _App Control REST API reference: https://developer.carbonblack.com/reference/enterprise-protection/8.0/rest-api/ """ new_sort = new_sort.strip() diff --git a/src/cbapi/psc/defense/rest_api.py b/src/cbapi/psc/defense/rest_api.py index 37a628a2..2368e754 100644 --- a/src/cbapi/psc/defense/rest_api.py +++ b/src/cbapi/psc/defense/rest_api.py @@ -14,7 +14,7 @@ def convert_to_kv_pairs(q): class CbDefenseAPI(CbPSCBaseAPI): - """The main entry point into the Cb Defense API. + """The main entry point into the Carbon Black Cloud Endpoint Standard Defense API. :param str profile: (optional) Use the credentials in the named profile when connecting to the Carbon Black server. Uses the profile named 'default' when not specified. 
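Review bot: The new `CbDefenseAPI` class docstring reads "Carbon Black Cloud Endpoint Standard Defense API", which appears to keep the old product word "Defense" after the new name; `"""The main entry point into the Carbon Black Cloud Endpoint Standard API.` would match the wording of the other renamed docstrings. The `Query` docstring hunk further down in the same file has a related slip, "Cloud Endpoint Standardserver", which needs a space: `operation on models requested from the Cloud Endpoint Standard server. You should not have to create`. Both are docstring text only, so behaviour is unaffected.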
@@ -32,8 +32,8 @@ def _perform_query(self, cls, query_string=None): return Query(cls, self, query_string) def notification_listener(self, interval=60): - """Generator to continually poll the Cb Defense server for notifications (alerts). Note that this can only - be used with a 'SIEM' key generated in the Cb Defense console. + """Generator to continually poll the Cloud Endpoint Standard server for notifications (alerts). Note that + this can only be used with a 'SIEM' key generated in the Carbon Black Cloud console. """ while True: for notification in self.get_notifications(): @@ -41,8 +41,8 @@ def notification_listener(self, interval=60): time.sleep(interval) def get_notifications(self): - """Retrieve queued notifications (alerts) from the Cb Defense server. Note that this can only be used - with a 'SIEM' key generated in the Cb Defense console. + """Retrieve queued notifications (alerts) from the Cloud Endpoint Standard server. Note that this can only be + used with a 'SIEM' key generated in the Carbon Black Cloud console. :returns: list of dictionary objects representing the notifications, or an empty list if none available. """ @@ -59,10 +59,11 @@ def get_auditlogs(self): class Query(PaginatedQuery): - """Represents a prepared query to the Cb Defense server. + """Represents a prepared query to the Cloud Endpoint Standard server. This object is returned as part of a :py:meth:`CbDefenseAPI.select` - operation on models requested from the Cb Defense server. You should not have to create this class yourself. + operation on models requested from the Cloud Endpoint Standardserver. You should not have to create + this class yourself. The query is not executed on the server until it's accessed, either as an iterator (where it will generate values on demand as they're requested) or as a list (where it will retrieve the entire result set and save to a list). 
diff --git a/src/cbapi/psc/threathunter/models.py b/src/cbapi/psc/threathunter/models.py index de2aac50..1ac3f31d 100644 --- a/src/cbapi/psc/threathunter/models.py +++ b/src/cbapi/psc/threathunter/models.py @@ -254,7 +254,7 @@ def __init__(self, cb, model_unique_id=None, initial_data=None): self._reports = [Report(cb, initial_data=report, feed_id=feed_id) for report in reports] def save(self, public=False): - """Saves this feed on the ThreatHunter server. + """Saves this feed on the Enterprise EDR server. :param public: Whether to make the feed publicly available :return: The saved feed @@ -294,7 +294,7 @@ def validate(self): report.validate() def delete(self): - """Deletes this feed from the ThreatHunter server. + """Deletes this feed from the Enterprise EDR server. :raise InvalidObjectError: if `id` is missing """ @@ -501,7 +501,7 @@ def update(self, **kwargs): return self def delete(self): - """Deletes this report from the ThreatHunter server. + """Deletes this report from the Enterprise EDR server. >>> report.delete() @@ -822,7 +822,7 @@ def __init__(self, cb, model_unique_id=None, initial_data=None): force_init=False, full_doc=True) def save(self): - """Saves this watchlist on the ThreatHunter server. + """Saves this watchlist on the Enterprise EDR server. :return: The saved watchlist :rtype: :py:class:`Watchlist` @@ -888,7 +888,7 @@ def classifier_(self): return (classifier_dict["key"], classifier_dict["value"]) def delete(self): - """Deletes this watchlist from the ThreatHunter server. + """Deletes this watchlist from the Enterprise EDR server. :raise InvalidObjectError: if `id` is missing """ diff --git a/src/cbapi/psc/threathunter/query.py b/src/cbapi/psc/threathunter/query.py index 5990db96..ae2b1516 100644 --- a/src/cbapi/psc/threathunter/query.py +++ b/src/cbapi/psc/threathunter/query.py 
@@ -12,8 +12,8 @@ class QueryBuilder(object): """ - Provides a flexible interface for building prepared queries for the CB - ThreatHunter backend. + Provides a flexible interface for building prepared queries for the Carbon Black + Enterprise EDR backend. This object can be instantiated directly, or can be managed implicitly through the :py:meth:`CbThreatHunterAPI.select` API. @@ -157,10 +157,10 @@ def _collapse(self): class Query(PaginatedQuery): - """Represents a prepared query to the Cb ThreatHunter backend. + """Represents a prepared query to the Carbon Black Enterprise EDR backend. This object is returned as part of a :py:meth:`CbThreatHunterPI.select` - operation on models requested from the Cb ThreatHunter backend. You should not have to create this class yourself. + operation on models requested from the Enterprise EDR backend. You should not have to create this class yourself. The query is not executed on the server until it's accessed, either as an iterator (where it will generate values on demand as they're requested) or as a list (where it will retrieve the entire result set and save to a list). diff --git a/src/cbapi/psc/threathunter/rest_api.py b/src/cbapi/psc/threathunter/rest_api.py index 8de417bc..b163d6ba 100644 --- a/src/cbapi/psc/threathunter/rest_api.py +++ b/src/cbapi/psc/threathunter/rest_api.py @@ -8,7 +8,7 @@ class CbThreatHunterAPI(CbPSCBaseAPI): - """The main entry point into the Carbon Black Cloud ThreatHunter API. + """The main entry point into the Carbon Black Cloud Enterprise EDR API. :param str profile: (optional) Use the credentials in the named profile when connecting to the Carbon Black server. Uses the profile named 'default' when not specified. 
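Review bot: The `Query` docstring in src/cbapi/psc/threathunter/query.py (hunk `@@ -157,10 +157,10 @@`) still cross-references `CbThreatHunterPI.select` on the unchanged line between the two edited ones. The `QueryBuilder` docstring in the same file spells the class `CbThreatHunterAPI`, so this Sphinx role will presumably not resolve. Since the commit already rewrites the neighbouring lines, correct it to ``This object is returned as part of a :py:meth:`CbThreatHunterAPI.select` ``. The class body continues outside the hunk.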
@@ -60,7 +60,7 @@ def validate_query(self, query): return resp.get("valid", False) def convert_query(self, query): - """Converts a legacy CB Response query to a ThreatHunter query. + """Converts a legacy Carbon Black EDR query to an Enterprise EDR query. :param str query: the query to convert :return: the converted query @@ -87,7 +87,7 @@ def custom_severities(self): def queries(self): """Retrieves a list of queries, active or complete, known by - the ThreatHunter server. + the Enterprise EDR server. :return: a list of query ids :rtype: list(str) diff --git a/src/cbapi/response/models.py b/src/cbapi/response/models.py index 42150bdb..06e07217 100755 --- a/src/cbapi/response/models.py +++ b/src/cbapi/response/models.py @@ -714,21 +714,21 @@ def os(self): @property def registration_time(self): """ - Returns the time the sensor registered with the Cb Response Server + Returns the time the sensor registered with the EDR Server """ return convert_from_cb(getattr(self, 'registration_time', -1)) @property def sid(self): """ - Security Identifier being used by the Cb Response Sensor + Security Identifier being used by the EDR Sensor """ return getattr(self, 'computer_sid') @property def webui_link(self): """ - Returns the Cb Response Web UI link associated with this Sensor + Returns the Carbon Black EDR Web UI link associated with this Sensor """ return '{0:s}/#/host/{1}'.format(self._cb.url, self._model_unique_id) @@ -736,7 +736,7 @@ def webui_link(self): @property def queued_stats(self): """ - Returns a list of status and size of the queued event logs from the associated Cb Response Sensor + Returns a list of status and size of the queued event logs from the associated EDR Sensor :example: 
@@ -755,14 +755,14 @@ def queued_stats(self): @property def activity_stats(self): """ - Returns a list of activity statistics from the associated Cb Response Sensor + Returns a list of activity statistics from the associated EDR Sensor """ return self._cb.get_object("{0}/activity".format(self._build_api_request_uri()), default=[]) @property def resource_status(self): """ - Returns a list of memory statistics used by the Cb Response Sensor + Returns a list of memory statistics used by the EDR Sensor """ return self._cb.get_object("{0}/resourcestatus".format(self._build_api_request_uri()), default=[]) @@ -782,9 +782,9 @@ def lr_session(self): def flush_events(self): """ - Performs a flush of events for this Cb Response Sensor + Performs a flush of events for this EDR Sensor - :warning: This may cause a significant amount of network traffic from this sensor to the Cb Response Server + :warning: This may cause a significant amount of network traffic from this sensor to the EDR Server """ # Note that Cb Response 6 requires the date/time stamp to be sent in RFC822 format (not ISO 8601). @@ -796,7 +796,7 @@ def restart_sensor(self): """ Restarts the Carbon Black sensor (*not* the underlying endpoint operating system). - This simply sets the flag to ask the sensor to restart the next time it checks into the Cb Response server, + This simply sets the flag to ask the sensor to restart the next time it checks into the EDR server, it does not wait for the sensor to restart. """ self.restart_queued = True @@ -804,7 +804,7 @@ def restart_sensor(self): def isolate(self, timeout=None): """ - Turn on network isolation for this Cb Response Sensor. + Turn on network isolation for this EDR Sensor. This function will block and only return when the isolation is complete, or if a timeout is reached. By default, there is no timeout. You can specify a timeout period (in seconds) in the "timeout" parameter to this 
@@ -829,7 +829,7 @@ def isolate(self, timeout=None): def unisolate(self, timeout=None): """ - Turn off network isolation for this Cb Response Sensor. + Turn off network isolation for this EDR Sensor. This function will block and only return when the isolation is removed, or if a timeout is reached. By default, there is no timeout. You can specify a timeout period (in seconds) in the "timeout" parameter to this @@ -1515,8 +1515,8 @@ def group_by(self, field_name): """Set the group-by field name for this query. Typically, you will want to set this to 'id' if you only want one result per process. - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :param str field_name: Field name to group the result set by. :return: Query object @@ -1533,8 +1533,8 @@ def group_by(self, field_name): def max_children(self, num_children): """Sets the number of children to fetch with the process - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :default: 15 :param int num_children: Number of children to fetch with process 
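Review bot: The reworded sentence in the `group_by` docstring (hunk `@@ -1515,8 +1515,8 @@`) now reads "connected to a EDR 5.x server", which the mechanical replacement of "Cb Response" left ungrammatical. It should read `to an EDR 5.x server will simply result in a no-op.` The same wording is introduced in the `max_children`, `min_last_update`, `min_last_server_update`, `max_last_update` and `max_last_server_update` hunks of this file. These hunks show only the docstrings; the method bodies lie outside them.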
@@ -1564,8 +1564,8 @@ def min_last_update(self, v): This option will limit the number of Solr cores that need to be searched for events that match the query. - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :param str v: Timestamp (either string or datetime object). :return: Query object @@ -1590,8 +1590,8 @@ def min_last_server_update(self, v): This option will limit the number of Solr cores that need to be searched for events that match the query. - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :param str v: Timestamp (either string or datetime object). :return: Query object @@ -1616,8 +1616,8 @@ def max_last_update(self, v): This option will limit the number of Solr cores that need to be searched for events that match the query. - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :param str v: Timestamp (either string or datetime object). :return: Query object 
@@ -1642,8 +1642,8 @@ def max_last_server_update(self, v): This option will limit the number of Solr cores that need to be searched for events that match the query. - This method is only available for Cb Response servers 6.0 and above. Calling this on a Query object connected - to a Cb Response 5.x server will simply result in a no-op. + This method is only available for EDR servers 6.0 and above. Calling this on a Query object connected + to a EDR 5.x server will simply result in a no-op. :param str v: Timestamp (either string or datetime object). :return: Query object @@ -1754,7 +1754,7 @@ def _build_api_request_uri(self): @property def webui_link(self): """ - Returns the Cb Response Web UI link associated with this Binary object + Returns the Carbon Black EDR Web UI link associated with this Binary object """ return '{0:s}/#binary/{1:s}'.format(self._cb.url, self.md5sum) @@ -1943,7 +1943,7 @@ def icon(self): @property def banned(self): """ - Returns *BannedHash* object if this Binary's hash has been whitelisted (Banned), otherwise returns *False* + Returns *BannedHash* object if this Binary's hash has been banned, otherwise returns *False* """ try: bh = self._cb.select(BannedHash, self.md5sum.lower()) @@ -2527,7 +2527,7 @@ def walk_children(self, callback, max_depth=0, depth=0): @property def parent_md5(self): """ - Workaround since parent_md5 silently disappeared in ~Cb Response 6.x + Workaround since parent_md5 silently disappeared in EDR 6.x """ return self.parent.process_md5 @@ -2862,7 +2862,7 @@ def binary(self): @property def comms_ip(self): """ - Returns ascii representation of the ip address used to communicate with the Cb Response Server + Returns ascii representation of the ip address used to communicate with the EDR Server """ try: ip_address = socket.inet_ntoa(struct.pack('>i', self._attribute('comms_ip', 0))) 
@@ -2874,7 +2874,7 @@ def comms_ip(self): @property def interface_ip(self): """ - Returns ascii representation of the ip address of the interface used to communicate with the Cb Response server. + Returns ascii representation of the ip address of the interface used to communicate with the EDR server. If using NAT, this will be the "internal" IP address of the sensor. """ try: @@ -2953,7 +2953,7 @@ def sensor(self): @property def webui_link(self): """ - Returns the Cb Response Web UI link associated with this process + Returns the Carbon Black EDR Web UI link associated with this process """ if not self.suppressed_process: return '%s/#analyze/%s/%s' % (self._cb.url, self.id, self.current_segment) diff --git a/src/cbapi/response/query.py b/src/cbapi/response/query.py index 8d71221d..9d96a629 100644 --- a/src/cbapi/response/query.py +++ b/src/cbapi/response/query.py @@ -11,11 +11,11 @@ class Query(PaginatedQuery): - """Represents a prepared query to the Carbon Black Enterprise Response server. + """Represents a prepared query to the Carbon Black EDR server. - This object is returned as part of a :py:meth:`CbEnterpriseResponseAPI.select` + This object is returned as part of a :py:meth:`CbResponseAPI.select` operation on Process and Binary objects from the Carbon Black - Enterprise Response server. You should not have to create this class yourself. + EDR server. You should not have to create this class yourself. The query is not executed on the server until it's accessed, either as an iterator (where it will generate values on demand as they're requested) or as a list (where it will retrieve the entire result set and save to a list). 
@@ -28,7 +28,7 @@ class Query(PaginatedQuery): Examples:: - >>> cb = CbEnterpriseResponseAPI() + >>> cb = CbResponseAPI() >>> query = cb.select(Process) # returns a Query object matching all Processes >>> query = query.where("process_name:notepad.exe") # add a filter to this Query >>> query = query.sort("last_update desc") # sort by last update time, most recent first diff --git a/src/cbapi/response/rest_api.py b/src/cbapi/response/rest_api.py index 408bdc78..a19ed8d5 100644 --- a/src/cbapi/response/rest_api.py +++ b/src/cbapi/response/rest_api.py @@ -17,7 +17,7 @@ class CbResponseAPI(BaseAPI): - """The main entry point into the Carbon Black Enterprise Response API. + """The main entry point into the Carbon Black EDR API. Note that calling this will automatically connect to the Carbon Black server in order to verify connectivity and get the server version. @@ -30,8 +30,8 @@ class CbResponseAPI(BaseAPI): Usage:: - >>> from cbapi import CbEnterpriseResponseAPI - >>> cb = CbEnterpriseResponseAPI(profile="production") + >>> from cbapi import CbResponseAPI + >>> cb = CbResponseAPI(profile="production") """ def __init__(self, *args, **kwargs): timeout = kwargs.pop("timeout", 120) # set default timeout period to two minutes, 2x the default nginx timeout @@ -66,7 +66,7 @@ def live_response(self): return self._lr_scheduler def info(self): - """Retrieve basic version information from the Carbon Black Enterprise Response server. + """Retrieve basic version information from the Carbon Black DER server. :return: Dictionary with information retrieved from the ``/api/info`` API route :rtype: dict @@ -75,7 +75,7 @@ def info(self): return r.json() def dashboard_statistics(self): - """Retrieve dashboard statistics from the Carbon Black Enterprise Response server. + """Retrieve dashboard statistics from the Carbon Black EDR server. :return: Dictionary with information retrieved from the ``/api/v1/dashboard/statistics`` API route :rtype: dict 
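Review bot: The new docstring line for `info()` in src/cbapi/response/rest_api.py (hunk `@@ -66,7 +66,7 @@`) names the "Carbon Black DER server", a transposition of the product name used everywhere else in this patch. Change it to `"""Retrieve basic version information from the Carbon Black EDR server.` so the generated API reference stays consistent with `dashboard_statistics`, `license_request` and `update_license`.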
@@ -84,7 +84,7 @@ def dashboard_statistics(self): return r.json() def license_request(self): - """Retrieve license request block from the Carbon Black Enterprise Response server. + """Retrieve license request block from the Carbon Black EDR server. :return: License request block :rtype: str @@ -93,7 +93,7 @@ def license_request(self): return r.json().get("license_request_block", "") def update_license(self, license_block): - """Upload new license to the Carbon Black Enterprise Response server. + """Upload new license to the Carbon Black EDR server. :param str license_block: Licence block provided by Carbon Black support :raises ServerError: if the license is not accepted by the Carbon Black server @@ -108,14 +108,13 @@ def _perform_query(self, cls, **kwargs): return Query(cls, self, **kwargs) def from_ui(self, uri): - """Retrieve a Carbon Black Enterprise Response object based on URL from the Carbon Black Enterprise Response - web user interface. + """Retrieve a Carbon Black EDR object based on URL from the Carbon Black EDR web user interface. For example, calling this function with ``https://server/#/analyze/00000001-0000-0554-01d1-3bc4553b8c9f/1`` as the ``uri`` argument will return a new :py:class: cbapi.response.models.Process class initialized with the process GUID from the URL. - :param str uri: Web browser URL from the Cb web interface + :param str uri: Web browser URL from the CB web interface :return: the appropriate model object for the URL provided :raises ApiError: if the URL does not correspond to a recognized model object """ 
@@ -166,7 +165,7 @@ def _request_lr_session(self, sensor_id): return self.live_response.request_session(sensor_id) def create_new_partition(self): - """Create a new Solr time partition for event storage. Available in Cb Response 6.1 and above. + """Create a new Solr time partition for event storage. Available in Carbon Black EDR 6.1 and above. This will force roll-over current hot partition into warm partition (by renaming it to a time-stamped name) and create a new hot partition ("writer"). From 6b1f13ed9ae6d619eef38f19f8b4ece6bd9eabf0 Mon Sep 17 00:00:00 2001 From: Amy Bowersox Date: Thu, 11 Feb 2021 13:03:17 -0700 Subject: [PATCH 05/11] added in a missing space (thanks Lisa!) --- src/cbapi/psc/defense/rest_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cbapi/psc/defense/rest_api.py b/src/cbapi/psc/defense/rest_api.py index 2368e754..68c5abcd 100644 --- a/src/cbapi/psc/defense/rest_api.py +++ b/src/cbapi/psc/defense/rest_api.py @@ -62,7 +62,7 @@ class Query(PaginatedQuery): """Represents a prepared query to the Cloud Endpoint Standard server. This object is returned as part of a :py:meth:`CbDefenseAPI.select` - operation on models requested from the Cloud Endpoint Standardserver. You should not have to create + operation on models requested from the Cloud Endpoint Standard server. You should not have to create this class yourself. The query is not executed on the server until it's accessed, either as an iterator (where it will generate values From 273c311ebea2fa4d9451c4ac71de68815914d528 Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Fri, 17 Dec 2021 09:55:16 -0700 Subject: [PATCH 06/11] Changing sensor to return paginated query per suggestion on 301 --- src/cbapi/response/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cbapi/response/models.py b/src/cbapi/response/models.py index 06e07217..c64bbff8 100755 --- a/src/cbapi/response/models.py +++ b/src/cbapi/response/models.py 
@@ -658,7 +658,7 @@ def _query_implementation(cls, cb): # return SensorPaginatedQuery(cls, cb) # else: # return SensorQuery(cls, cb) - return SensorQuery(cls, cb) + return SensorPaginatedQuery(cls, cb) @property def group(self): From b801ee391b424326c5cca2b7cf76e7b19a32c497 Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Fri, 17 Dec 2021 10:14:09 -0700 Subject: [PATCH 07/11] Release notes in preparation of next CBAPI release --- docs/changelog.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/changelog.rst b/docs/changelog.rst index 5d20226b..78013232 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -2,6 +2,17 @@ CbAPI Changelog =============== .. top-of-changelog (DO NOT REMOVE THIS COMMENT) +CbAPI 1.7.65- Planned Release Dec 17, 2021 +------------------------------------ + +Bug Fixes + * Removed the requirement for an admin token to connect + * Added sensor paginated query + +General + * Updated version of lxml library + + CbAPI 1.7.5 - Released June 16, 2021 ------------------------------------ From 1aa2a09c2c5a16259052122ec64a8a8ae2bf97da Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Fri, 17 Dec 2021 12:41:37 -0700 Subject: [PATCH 08/11] Fixed indentation --- src/cbapi/response/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cbapi/response/models.py b/src/cbapi/response/models.py index c64bbff8..d336acf3 100755 --- a/src/cbapi/response/models.py +++ b/src/cbapi/response/models.py @@ -658,7 +658,7 @@ def _query_implementation(cls, cb): # return SensorPaginatedQuery(cls, cb) # else: # return SensorQuery(cls, cb) - return SensorPaginatedQuery(cls, cb) + return SensorPaginatedQuery(cls, cb) @property def group(self): From 7721b1628143aeb72d205cd05abae10f3e0aaa97 Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Fri, 17 Dec 2021 16:23:55 -0700 Subject: [PATCH 09/11] Fixed release version. --- docs/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
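Review bot: The now-unconditional `return SensorPaginatedQuery(cls, cb)` in `_query_implementation` sits directly beneath a commented-out branch that still ends in `# else:` / `# return SensorQuery(cls, cb)`, so the file describes a fallback that the code no longer has. The condition of that branch is above the hunk; if it was a server-version gate (inferred, not visible here), either restore it or delete the dead comments and leave one line such as `# Sensors are always fetched via the paginated query (see 301).` Code that enumerates sensors for isolation or triage should also be checked for any assumption that `SensorQuery` returned the complete set in one response, because an incomplete sensor list silently narrows what responders act on. The function starts outside the hunk.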
diff --git a/docs/changelog.rst b/docs/changelog.rst index 78013232..7b9b4af5 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -2,7 +2,7 @@ CbAPI Changelog =============== .. top-of-changelog (DO NOT REMOVE THIS COMMENT) -CbAPI 1.7.65- Planned Release Dec 17, 2021 +CbAPI 1.7.6- Release Dec 188888888, 2021 ------------------------------------ Bug Fixes From 22f7b88ad868cd691aaeb052735a8e4b3dbdf460 Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Mon, 20 Dec 2021 08:17:26 -0700 Subject: [PATCH 10/11] fixed date on changelog --- docs/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index 7b9b4af5..54af41e4 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -2,7 +2,7 @@ CbAPI Changelog =============== .. top-of-changelog (DO NOT REMOVE THIS COMMENT) -CbAPI 1.7.6- Release Dec 188888888, 2021 +CbAPI 1.7.6 - Release Dec 20, 2021 ------------------------------------ Bug Fixes From 1e059749e94116e150d7dc5fd0790c12ca531467 Mon Sep 17 00:00:00 2001 From: Kylie Ebringer Date: Mon, 20 Dec 2021 13:25:45 -0700 Subject: [PATCH 11/11] Updated version to 1.7.6 --- README.md | 2 +- docs/conf.py | 2 +- setup.py | 2 +- src/cbapi/__init__.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ffaa36a0..a75558f4 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Python bindings for Carbon Black REST API -**Latest Version: 1.7.5** +**Latest Version: 1.7.6** _**Notice**:_ * The Carbon Black Cloud portion of CBAPI has moved to https://github.com/carbonblack/carbon-black-cloud-sdk-python. Any future development and bug fixes for Carbon Black Cloud APIs will be made there. Carbon Black EDR and App Control will remain supported at CBAPI diff --git a/docs/conf.py b/docs/conf.py index 3fdb0dc7..1f538938 100644 --- a/docs/conf.py +++ b/docs/conf.py 
@@ -61,7 +61,7 @@ # The short X.Y version. version = u'1.7' # The full version, including alpha/beta/rc tags. -release = u'1.7.5' +release = u'1.7.6' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/setup.py b/setup.py index 6f353565..745195b0 100644 --- a/setup.py +++ b/setup.py @@ -41,7 +41,7 @@ setup( name='cbapi', - version='1.7.5', + version='1.7.6', url='https://github.com/carbonblack/cbapi-python', license='MIT', author='Carbon Black', diff --git a/src/cbapi/__init__.py b/src/cbapi/__init__.py index 26373177..99d52b26 100644 --- a/src/cbapi/__init__.py +++ b/src/cbapi/__init__.py @@ -6,7 +6,7 @@ __author__ = 'Carbon Black Developer Network' __license__ = 'MIT' __copyright__ = 'Copyright 2018-2020 VMware Carbon Black' -__version__ = '1.7.5' +__version__ = '1.7.6' # New API as of cbapi 0.9.0 from cbapi.response.rest_api import CbEnterpriseResponseAPI, CbResponseAPI