Releases: carbonblack/cbapi-python
cbapi Python Bindings - 1.5.0
Please use v1.5.1
CBAPI now support CB LiveOps.
CB LiveOps API Reference.
Change Log
- CB LiveOps
- Start new LiveQuery (LQ) runs
- Fetch LQ results
- View LQ run status
- Filter on LQ results
- PSC Org Key Management
Examples
- LiveQuery - manage_run.py
- LiveQuery - run_search.py
cbapi Python Bindings - 1.4.5
CBAPI v1.4.5
Change Log
- CB ThreatHunter
- Route Updates for Process Search, Feed Management, Watchlist Management
- Enforce org_key Presence
- Org-based Process Search
- Org-based Event Search
- Org-based Tree Queries
- Minor updates to improve Python3 Compatibility
Updated Examples
- Updated CB TH Process Search Example
- Added process_guid to process_tree example for ThreatHunter
cbapi Python Bindings - 1.4.4
cbapi Python Bindings - 1.4.3
CBAPI v1.4.3
Change Log
- CB ThreatHunter - Feed fixes #156
- CB Response - Change Alert model object to use v2 route #155
- CB Response - Only view active LR sessions #154
- Removing refs to VT alliance feeds #144
Updated Examples
- CB Defense - Create list_events_with_cmdline_csv.py #152
- CB Defense - Updated import link to proper module #148
Pull Requests & Issues
cbapi Python Bindings - 1.4.2
CBAPI v1.4.2
Change Log
- CB ThreatHunter Feed fixes
- Improved log messages
- Updates to Readthedocs website
cbapi Python Bindings - 1.4.0
CBAPI v1.4.0
We are proud to announce that CbAPI 1.4.0 is now available for installation via Python's PyPI.
This release includes compatibility with Carbon Black PSC ThreatHunter and the new APIs available in PSC's ThreatHunter.
Change Log
Currently, the Process Search API is exposed. As of version 1.4.0, there are three available model objects:
- Process
- Event
- Tree
cbapi Python Bindings - 1.3.6
This release has one critical fix:
- Fix a fatal exception when connecting to Cb Response 6.1.x servers
cbapi Python Bindings - 1.3.5
This release includes bugfixes and contributions from the Carbon Black community.
All products:
- More Python 3 compatibility fixes.
- Fix the
wait_for_completion
andwait_for_output
options in the Live Response.create_process()
method.
Ifwait_for_completion
is True, the call to.create_process()
will block until the remote process
has exited. Ifwait_for_output
is True, then.create_process()
will additionally wait until the output
of the remote process is ready and return that output to the caller. Settingwait_for_output
to True automatically setswait_for_completion
to True as well. - The
BaseAPI
constructor now takes three new optional keyword arguments to control the underlying connection pool:pool_connections
,pool_maxsize
, andpool_block
. These arguments are sent to the underlyingHTTPAdapter
used when connecting to the Carbon Black server. For more information on these parameters, see the Python requests module API documentation for HTTPAdapter.
Cb Defense:
- Date/time stamps in the Device model object are now represented as proper Python datetime objects, rather than integers.
- The
policy_operations.py
example script's "Replace Rule" command is fixed. - Add the Cb Live Response job-based API.
- Add a new example script
list_devices.py
Cb Response:
- The
Process
andBinary
model objects now return None by default when a non-existent attribute is referenced, rather than throwing an exception. - Fixes to
walk_children.py
example script. - Fix exceptions in enumerating child processes, retrieving path and MD5sums from processes.
- Multiple
.where()
clauses can now be used in theSensor
model object. - Workaround implemented for retrieving/managing more than 500 banned hashes.
- Alert bulk operations now work on batches of 500 alerts.
.flush_events()
method onSensor
model object no longer throws an exception on Cb Response 6.x servers..restart_sensor()
method now available forSensor
model object.- Fix
user_operations.py
example script to eliminate exception when adding a new user to an existing team. - Add
.remove_team()
method onUser
model object. - Automatically set
cb.legacy_5x_mode
query parameter for all Process queries whenever a legacy Solr core (from Cb Response 5.x) is loaded. - Added
.use_comprehensive_search()
method to enable the "comprehensive search" option on a Process query. See the Cb Developer Network documentation on Comprehensive Search for more information on "comprehensive search". - Add
.all_childprocs()
,.all_modloads()
,.all_filemods()
,.all_regmods()
,.all_crossprocs()
, and.all_netconns()
methods to retrieve process events from all segments, rather than the current process segment. You can also use the special segment "0" to retrieve process events across all segments. - Fix
cmdline_filters
in theIngressFilter
model object.
Cb Protection:
- Tamper Protection can now be set and cleared in the
Computer
model object.
cbapi Python Bindings - 1.3.3
This release includes security improvements and bugfixes.
Security changes:
-
CbAPI enforces the use of HTTPS when connecting to on-premise Cb Response servers.
-
CbAPI can optionally require TLSv1.2 when connecting to Carbon Black servers.
- Note that some versions of Python and OpenSSL, notably the version of OpenSSL packaged with Mac OS X, do not support TLSv1.2. This will cause CbAPI to fail to connect to Cb Response 6.1+ servers which require TLSv1.2 cipher suites.
- A new command,
cbapi check-tls
, will report the TLS version supported by your platform. - To enforce the use of TLSv1.2 when connecting to a server, add
ssl_force_tls_1_2=True
to that server's credential profile.
-
Add the ability to "pin" a specific server certificate to a credential profile.
- You can now force TLS certificate verification on self-signed, on-premise installations of Cb Response or Protection through the
ssl_cert_file
option in the credential profile. - To "pin" a server certificate, save the PEM-formatted server certificate to a file, and put the full path to that PEM file in the
ssl_cert_file
option of that server's credential profile. - When using this option with on-premise Cb Response servers, you may also have to set
ssl_verify_hostname=False
as the hostname in the certificate generated at install time islocalhost
and will not match the server's hostname or IP address. This option will still validate that the server's certificate is valid and matches the copy in thessl_cert_file
option.
- You can now force TLS certificate verification on self-signed, on-premise installations of Cb Response or Protection through the
Changes for Cb Protection:
- The API now sets the appropriate "GET" query fields when changing fields such as the
debugFlags
on the Computer object. - The
.template
attribute on the Computer model object has been renamed.templateComputer
. - Remove AppCatalog and AppTemplate model objects.
Changes for Cb Response:
- Added
.webui_link
property to Cb Response Query objects. - Added
ban_hash.py
example.
Bug Fixes:
- Error handling is improved on Python 3. Live Response auto-reconnect functionality is now fixed on Python 3 as a result.
- Workaround implemented for Cb Response 6.1 where segment_ids are truncated on Alerts. The
.process
attribute on an Alert now ignores thesegment_id
and links to the first Process segment. - Fixed issue with
Binary.signed
andCbModLoadEvent.is_signed
.
cbapi Python Bindings - 1.3.2
This release introduces the Policy API for Cb Defense. A sample policy_operations.py
script is now included in the examples
directory for Cb Defense.
Other changes:
-
Cb Response
- Bugfixes to the
User
Model Object. - New
user_operations.py
example script to manage users & teams. - Additional
Team
Model Object to add/remove/modify user teams. - New
check_datasharing.py
example script to check if third party data sharing is enabled for binaries on any sensor groups. - Documentation fix for the
User
Model Object. - Fix to the
watchlist_operations.py
example script.
- Bugfixes to the