Merge pull request #205 from carbonblack/develop
Release 1.3.2 (merge master)
abowersox-cb authored Aug 9, 2021
2 parents e5efed5 + 4a3a0c0 commit df81027
Showing 34 changed files with 3,512 additions and 193 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -1,8 +1,8 @@
# VMware Carbon Black Cloud Python SDK

**Latest Version:** 1.3.1
**Latest Version:** 1.3.2
<br>
**Release Date:** 15 June 2021
**Release Date:** 10 August 2021

[![Coverage Status](https://coveralls.io/repos/github/carbonblack/carbon-black-cloud-sdk-python/badge.svg?t=Id6Baf)](https://coveralls.io/github/carbonblack/carbon-black-cloud-sdk-python)
[![Codeship Status for carbonblack/carbon-black-cloud-sdk-python](https://app.codeship.com/projects/9e55a370-a772-0138-aae4-129773225755/status?branch=develop)](https://app.codeship.com/projects/402767)
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.3.1
1.3.2
18 changes: 18 additions & 0 deletions docs/changelog.rst
@@ -1,5 +1,23 @@
Changelog
================================
CBC SDK 1.3.2 - Released August 10, 2021
--------------------------------

New Features:

* Added asynchronous query options to Live Response APIs.
* Added functionality for Watchlists, Reports, and Feeds to simplify developer interaction.

Updates:

* Added documentation on the mapping between permissions and Live Response commands.

Bug Fixes:

* Fixed an error using the STIX/TAXII example with Cabby.
* Fixed a potential infinite loop in getting detailed search results for enriched events and processes.
* Comparison now case-insensitive on UBS download.

CBC SDK 1.3.1 - Released June 15, 2021
--------------------------------

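Review bot: the `--------------------------------` underline beneath `CBC SDK 1.3.2 - Released August 10, 2021` is eight characters shorter than the title, so docutils emits a "Title underline too short" warning for this section (the existing 1.3.1 heading below has the same defect); extend the underline to at least the title length. The Bug Fixes entry "Comparison now case-insensitive on UBS download" also does not say which value is compared; naming the field lets readers judge whether the fix affects their code.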
2 changes: 1 addition & 1 deletion docs/conf.py
@@ -23,7 +23,7 @@
author = 'Developer Relations'

# The full version, including alpha/beta/rc tags
release = '1.3.1'
release = '1.3.2'


# -- General configuration ---------------------------------------------------
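Review bot: `release = '1.3.2'` is the third hand-maintained copy of the version number touched by this PR (alongside README.md and VERSION), which is how the numbers drift between releases; reading it from the VERSION file at the repository root, e.g. `release = open(os.path.join(os.path.dirname(__file__), '..', 'VERSION')).read().strip()`, would leave a single source of truth for the docs build.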
1 change: 1 addition & 0 deletions docs/guides-and-resources.rst
@@ -20,6 +20,7 @@ Guides
* :doc:`live-response` - Live Response allows security operators to collect information and take action on remote endpoints in real time.
* :doc:`unified-binary-store` - The unified binary store (UBS) is responsible for storing all binaries and corresponding metadata for those binaries.
* :doc:`users-grants` - Work with users and access grants.
* :doc:`watchlists-feeds-reports` - Work with Enterprise EDR watchlists, feeds, reports, and Indicators of Compromise (IOCs).

Examples
--------
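Review bot: the new `:doc:`watchlists-feeds-reports`` entry requires `docs/watchlists-feeds-reports.rst` to be present in this PR and included in the toctree, otherwise Sphinx reports an unknown document and the link renders dead; worth confirming before merge since this hunk only adds the reference.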
71 changes: 71 additions & 0 deletions docs/live-response.rst
@@ -8,6 +8,77 @@ You can use Live Response with the Carbon Black Cloud Python SDK to:
* Dump contents of physical memory
* Execute, terminate and list processes

Before any commands are sent to the live response session, the proper permissions need to be configured for the Custom Key that is used.
The below table explains what permissions are needed for each of the SDK commands.

+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| Command | Required Permissions | Explanation |
+===================================================+========================================================+======================================================+
| | Create LR session for device | **CREATE**, **READ** org.liveresponse.session | CREATE is needed to start the LR session and |
| | device.lr_session() | | READ is needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Close session | **READ**, **DELETE** org.liveresponse.session | DELETE is needed to terminate the LR session and |
| | lr_session.close() | | READ is needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Get Raw File | **READ** org.liveresponse.file | |
| | lr_session.get_raw_file(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Get File | **READ** org.liveresponse.file | |
| | lr_session.get_file(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Upload File | **CREATE**, **READ** org.liveresponse.file | CREATE is needed to upload the file and READ is |
| | lr_session.put_file(...) | | needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Delete file | **READ**, **DELETE** org.liveresponse.file | DELETE is needed to delete the file and READ is |
| | lr_session.delete_file(...) | | needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | List Directory | **READ** org.liveresponse.file | |
| | lr_session.list_directory(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Create Directory | **CREATE**, **READ** org.liveresponse.file | CREATE is needed to create the directory and |
| | lr_session.create_directory(...) | | READ is needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Walk Directory | **READ** org.liveresponse.file | |
| | lr_session.walk(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Kill Process | **READ**, **DELETE** org.liveresponse.process | DELETE is needed to kill the process and READ is |
| | lr_session.kill_process(...) | | needed to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Create Process | | **EXECUTE** org.liveresponse.process | If wait_for_completion = False, wait_for_output = |
| | lr_session.create_process(...) | | OR | False only EXECUTE is needed. |
| | | **EXECUTE** org.liveresponse.process | Otherwise also file permissions are needed. |
| | | **READ**, **DELETE** org.liveresponse.file | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | List Processes | **READ** org.liveresponse.process | |
| | lr_session.list_processes(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | List Registry Keys and Values | **READ** org.liveresponse.registry | |
| | lr_session.list_registry_keys_and_values(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | List Registry Values | **READ** org.liveresponse.registry | |
| | lr_session.list_registry_values(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Get Registry Value | **READ** org.liveresponse.registry | |
| | lr_session.get_registry_value(...) | | |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Set Registry | **READ**, **UPDATE** org.liveresponse.registry | UPDATE is needed to set/create the value for the |
| | lr_session.set_registry_value(...) | | registry and READ to check the status of the command |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Create Registry Key | **CREATE**, **READ** org.liveresponse.registry | CREATE is needed to create the key and READ to |
| | lr_session.create_registry_key(...) | | check the status of the command. |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Delete Registry Key | **READ**, **DELETE** org.liveresponse.registry | DELETE is needed to delete the key and READ to |
| | lr_session.delete_registry_key(...) | | check the status of the command. |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Delete Registry Value | **READ**, **DELETE** org.liveresponse.registry | DELETE is needed to delete the value and READ to |
| | lr_session.delete_registry_value(...) | | check the status of the command. |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+
| | Memdump | **READ** org.liveresponse.memdump | The command to dump the memory includes three |
| | lr_session.memdump(...) | **READ**, **DELETE** org.liveresponse.file | commands - dumping the memory in a file on the |
| | | remote machine, downloading the file on the local |
| | | machine and deleting the file. |
+---------------------------------------------------+--------------------------------------------------------+------------------------------------------------------+

To send commands to an endpoint, first establish a "session" with a device.

Establish A Session With A Device
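Review bot: the Create Process row's explanation "If wait_for_completion = False, wait_for_output = False only EXECUTE is needed" reads as two independent conditions; state it as "If both wait_for_completion and wait_for_output are False, only EXECUTE on org.liveresponse.process is needed; otherwise READ and DELETE on org.liveresponse.file are also required", which matches the permission column of that row. Row labels are also inconsistent with the methods they describe: "Set Registry" pairs with `lr_session.set_registry_value(...)` and should read "Set Registry Value", and "Delete file" is the only label not in title case. Since this table is what operators will consult when scoping a Custom Key, a sentence before it recommending that the key be granted only the permissions for the commands the integration actually issues would make the least-privilege intent explicit.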
9 changes: 4 additions & 5 deletions docs/unified-binary-store.rst
@@ -10,7 +10,7 @@ Get Download URL
::

>>> from cbc_sdk import CBCloudAPI
>>> api = CBCloudAPI(profile='sample')
>>> cb = CBCloudAPI(profile='sample')
>>> from cbc_sdk.enterprise_edr.ubs import Binary
>>> sha256_hash = '8005557c1614c1e2c89f7db3702199de2b1e4605718fa32ff6ffdb2b41ed3759'
>>> binary = Binary(cb, sha256_hash)
@@ -29,7 +29,7 @@ We could set expiration period for the download link (in seconds).
::

>>> from cbc_sdk import CBCloudAPI
>>> api = CBCloudAPI(profile='sample')
>>> cb = CBCloudAPI(profile='sample')
>>> from cbc_sdk.enterprise_edr.ubs import Binary
>>> sha256_hash = '8005557c1614c1e2c89f7db3702199de2b1e4605718fa32ff6ffdb2b41ed3759'
>>> binary = Binary(cb, sha256_hash)
@@ -48,16 +48,15 @@ Currently querying binaries is not possible, but we could use the following synt
::

>>> from cbc_sdk import CBCloudAPI
>>> api = CBCloudAPI(profile='sample')
>>> cb = CBCloudAPI(profile='sample')
>>> from cbc_sdk.enterprise_edr.ubs import Binary
>>> sha256_hash = '8005557c1614c1e2c89f7db3702199de2b1e4605718fa32ff6ffdb2b41ed3759'
>>> binary = cb.select(Binary, sha256_hash)
>>> print(download_url)
...
https://cdc-file-storage-staging-us-east-1.s3.amazonaws.com/80/05/55/7c/16/14/c1/<trancated>

*Note: If we try to use* :code:`binary = cb.select(Binary)` *, it will fail with exception that the model is non queryable model.*
*Note: If we try to use* :code:`binary = cb.select(Binary)` *, it will fail with exception that the model is non queryable model.*

Find the full documentation at
`Unified Binary Store <https://carbon-black-cloud-python-sdk.readthedocs.io/en/latest/cbc_sdk.enterprise_edr/#module-cbc_sdk.enterprise_edr.ubs>`_.

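Review bot: `>>> print(download_url)` refers to a name this snippet never assigns; after `binary = cb.select(Binary, sha256_hash)` the example needs the call that obtains the download URL before printing it, otherwise a reader typing it as shown gets a NameError, which is the same class of defect the `api` to `cb` rename on the preceding lines fixes. Minor: `<trancated>` in the sample URL should read `<truncated>`, and "it will fail with exception that the model is non queryable model" reads better as "it will raise an exception because the model is not queryable".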