Enterprise EDR

Submodules

cbc_sdk.enterprise_edr.threat_intelligence module

Model Classes for Enterprise Endpoint Detection and Response

class Feed(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents a Feed object in the Carbon Black server.

Variables:
  • name – A human-friendly name for this feed
  • owner – The feed owner’s connector ID
  • provider_url – A URL supplied by the feed’s provider
  • summary – A human-friendly summary for the feed
  • category – The feed’s category
  • source_label – The feed’s source label
  • access – The feed’s access (public or private)
  • id – The feed’s unique ID

Initialize the Feed object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (str) – The unique ID of the feed.
  • initial_data (dict) – The initial data for the object.
class FeedBuilder(cb, info)

Bases: object

Helper class allowing Feeds to be assembled.

Creates a new FeedBuilder object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • info (dict) – The initial information for the new feed.
add_reports(reports)

Adds new reports to the new feed.

Parameters:reports (list[Report]) – New reports to be added to the feed.
Returns:This object.
Return type:FeedBuilder
build()

Builds the new Feed.

Returns:The new Feed.
Return type:Feed
set_category(category)

Sets the category for the new feed.

Parameters:category (str) – New category for the feed.
Returns:This object.
Return type:FeedBuilder
set_name(name)

Sets the name for the new feed.

Parameters:name (str) – New name for the feed.
Returns:This object.
Return type:FeedBuilder
set_provider_url(provider_url)

Sets the provider URL for the new feed.

Parameters:provider_url (str) – New provider URL for the feed.
Returns:This object.
Return type:FeedBuilder
set_source_label(source_label)

Sets the source label for the new feed.

Parameters:source_label (str) – New source label for the feed.
Returns:This object.
Return type:FeedBuilder
set_summary(summary)

Sets the summary for the new feed.

Parameters:summary (str) – New summary for the feed.
Returns:This object.
Return type:FeedBuilder
access = None
append_reports(reports)

Append the given Reports to this Feed’s current Reports.

Parameters:reports ([Report]) – List of Reports to append to Feed.
Raises:InvalidObjectError – If id is missing.
append_reports_rawdata(report_data)

Append the given report data, formatted as per the API documentation for reports, to this Feed’s Reports.

Parameters:report_data (list[dict]) –
Raises:InvalidObjectError – If id is missing or validation of the data fails.
category = None
classmethod create(cb, name, provider_url, summary, category)

Begins creating a new feed by making a FeedBuilder to hold the new feed data.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • name (str) – Name for the new feed.
  • provider_url (str) – Provider URL for the new feed.
  • summary (str) – Summary for the new feed.
  • category (str) – Category for the new feed.
Returns:

The new FeedBuilder object to be used to create the feed.

Return type:

FeedBuilder

delete()

Deletes this feed from the Enterprise EDR server.

Raises:InvalidObjectError – If id is missing.
id = None
name = None
owner = None
primary_key = 'id'
provider_url = None
replace_reports(reports)

Replace this Feed’s Reports with the given Reports.

Parameters:reports ([Report]) – List of Reports to replace existing Reports with.
Raises:InvalidObjectError – If id is missing.
replace_reports_rawdata(report_data)

Replace this Feed’s Reports with the given reports, specified as raw data.

Parameters:report_data (list[dict]) –
Raises:InvalidObjectError – If id is missing or validation of the data fails.
reports

Returns a list of Reports associated with this feed.

Returns:List of Reports in this Feed.
Return type:Reports ([Report])
save(public=False)

Saves this feed on the Enterprise EDR server.

Parameters:public (bool) – Whether to make the feed publicly available.
Returns:The saved Feed.
Return type:Feed (Feed)
source_label = None
summary = None
update(**kwargs)

Update this feed’s metadata with the given arguments.

Parameters:

**kwargs (dict(str, str)) – The fields to update.

Raises:
  • InvalidObjectError – If id is missing or Feed.validate() fails.
  • ApiError – If an invalid field is specified.

Example:

>>> feed.update(access="private")
urlobject = '/threathunter/feedmgr/v2/orgs/{}/feeds'
urlobject_single = '/threathunter/feedmgr/v2/orgs/{}/feeds/{}'
validate()

Checks to ensure this feed contains valid data.

Raises:InvalidObjectError – If the feed contains invalid data.
class FeedModel(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)

Bases: cbc_sdk.base.UnrefreshableModel, cbc_sdk.base.CreatableModelMixin, cbc_sdk.base.MutableBaseModel

Represents a FeedModel object in the Carbon Black server.

Initialize the NewBaseModel object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (Any) – The unique ID for this particular instance of the model object.
  • initial_data (dict) – The data to use when initializing the model object.
  • force_init (bool) – True to force object initialization.
  • full_doc (bool) – True to mark the object as fully initialized.
SCHEMA_IOCV2 = Schema({'id': And(And(<class 'str'>), <built-in function len>), 'match_type': And(And(<class 'str'>), And(<function FeedModel.<lambda>>)), 'values': And(And(<class 'list'>), [And(<class 'str'>)], <built-in function len>), Optional('field'): And(<class 'str'>), Optional('link'): And(<class 'str'>)})
SCHEMA_REPORT = Schema({'id': And(And(<class 'str'>), <built-in function len>), 'timestamp': And(And(<class 'int'>), And(<function FeedModel.<lambda>>)), 'title': And(And(<class 'str'>), <built-in function len>), 'description': And(And(<class 'str'>), <built-in function len>), 'severity': And(And(<class 'int'>), And(<function FeedModel.<lambda>>)), Optional('link'): And(<class 'str'>), Optional('tags'): And(And(<class 'list'>), [And(<class 'str'>)]), 'iocs_v2': And(And(<class 'list'>), [Schema({'id': And(And(<class 'str'>), <built-in function len>), 'match_type': And(And(<class 'str'>), And(<function FeedModel.<lambda>>)), 'values': And(And(<class 'list'>), [And(<class 'str'>)], <built-in function len>), Optional('field'): And(<class 'str'>), Optional('link'): And(<class 'str'>)})], And(<built-in function len>)), Optional('visibility'): And(<class 'str'>)})
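The SCHEMA_REPORT and SCHEMA_IOCV2 reprs above, restated as a stand-alone pre-flight check for the list[dict] passed to append_reports_rawdata() or replace_reports_rawdata(). This is an added example, not cbc_sdk code; it reports every violation with its path instead of stopping at the first. Assumptions: the match types are taken from the create_equality/create_query/create_regex constructors documented on this page, the severity range 1-10 and the positive timestamp stand in for the opaque lambdas in the repr, and unknown keys are rejected because that is the default for dict schemas in the schema library.

```python
# Added example: stand-alone pre-flight check for raw report data, not cbc_sdk code.
REPORT_KEYS = {"id", "timestamp", "title", "description", "severity",
               "iocs_v2", "link", "tags", "visibility"}
IOC_KEYS = {"id", "match_type", "values", "field", "link"}
# Assumption: named after create_equality / create_query / create_regex.
MATCH_TYPES = ("equality", "query", "regex")
# Assumption: stands in for the opaque severity lambda in the schema repr.
SEVERITY_RANGE = range(1, 11)


def _nonempty_str(value):
    return isinstance(value, str) and len(value) > 0


def _is_int(value):
    # Stricter than isinstance(value, int): True/False are rejected as numbers.
    return isinstance(value, int) and not isinstance(value, bool)


def _str_list(value, allow_empty):
    return (isinstance(value, list) and all(isinstance(v, str) for v in value)
            and (allow_empty or len(value) > 0))


def check_ioc(ioc, path):
    """Return a list of problems found in one IOC_V2 dict."""
    if not isinstance(ioc, dict):
        return [f"{path}: not a dict"]
    errors = [f"{path}: unexpected key {k!r}" for k in ioc if k not in IOC_KEYS]
    if not _nonempty_str(ioc.get("id")):
        errors.append(f"{path}.id: non-empty string required")
    match_type = ioc.get("match_type")
    if not (isinstance(match_type, str) and match_type in MATCH_TYPES):
        errors.append(f"{path}.match_type: expected one of {list(MATCH_TYPES)}")
    if not _str_list(ioc.get("values"), allow_empty=False):
        errors.append(f"{path}.values: non-empty list of strings required")
    for opt in ("field", "link"):
        if opt in ioc and not isinstance(ioc[opt], str):
            errors.append(f"{path}.{opt}: string required")
    return errors


def check_report(report, path="report"):
    """Return a list of problems found in one report dict."""
    if not isinstance(report, dict):
        return [f"{path}: not a dict"]
    errors = [f"{path}: unexpected key {k!r}" for k in report if k not in REPORT_KEYS]
    for key in ("id", "title", "description"):
        if not _nonempty_str(report.get(key)):
            errors.append(f"{path}.{key}: non-empty string required")
    timestamp = report.get("timestamp")
    if not (_is_int(timestamp) and timestamp > 0):
        errors.append(f"{path}.timestamp: positive integer required")
    severity = report.get("severity")
    if not (_is_int(severity) and severity in SEVERITY_RANGE):
        errors.append(f"{path}.severity: integer from 1 to 10 required")
    for opt in ("link", "visibility"):
        if opt in report and not isinstance(report[opt], str):
            errors.append(f"{path}.{opt}: string required")
    if "tags" in report and not _str_list(report["tags"], allow_empty=True):
        errors.append(f"{path}.tags: list of strings required")
    iocs = report.get("iocs_v2")
    if not isinstance(iocs, list) or not iocs:
        errors.append(f"{path}.iocs_v2: non-empty list required")
    else:
        for i, ioc in enumerate(iocs):
            errors += check_ioc(ioc, f"{path}.iocs_v2[{i}]")
    return errors


def check_report_data(report_data):
    """Check every report in a list[dict]; an empty result means all passed."""
    errors = []
    for i, report in enumerate(report_data):
        errors += check_report(report, f"report_data[{i}]")
    return errors


# Constructed sample data (all values are made up for the example).
GOOD = {"id": "rep-001", "timestamp": 1700000000, "title": "Test report",
        "description": "Constructed report", "severity": 5, "tags": ["demo"],
        "iocs_v2": [{"id": "ioc-001", "match_type": "equality",
                     "field": "netconn_ipv4", "values": ["192.0.2.10"]}]}
BAD = dict(GOOD, severity="high", score=7,
           iocs_v2=[{"id": "ioc-002", "match_type": "contains", "values": []}])

if __name__ == "__main__":
    print("\n".join(check_report_data([GOOD, BAD])))
```

Run the check before handing the list to the feed, so a malformed entry is located by path rather than surfacing only as an InvalidObjectError.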
class FeedQuery(doc_class, cb)

Bases: cbc_sdk.base.SimpleQuery

Represents the logic for a Feed query.

>>> cb.select(Feed)
>>> cb.select(Feed, id)
>>> cb.select(Feed).where(include_public=True)

Initialize the FeedQuery object.

Parameters:
  • doc_class (class) – The class of the model this query returns.
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
results

Return a list of Feed objects matching self._args parameters.

where(**kwargs)

Add kwargs to self._args dictionary.

class IOC(cb, model_unique_id=None, initial_data=None, report_id=None)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents an IOC object in the Carbon Black server.

Variables:
  • md5 – A list of MD5 checksums
  • ipv4 – A list of IPv4 addresses
  • ipv6 – A list of IPv6 addresses
  • dns – A list of domain names
  • query – A list of dicts, each containing an IOC query

Creates a new IOC instance.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (str) – Unique ID of this IOC.
  • initial_data (dict) – Initial data used to populate the IOC.
  • report_id (str) – ID of the report this IOC belongs to (if this is a watchlist IOC).
Raises:

ApiError – If initial_data is None.

dns = []
ipv4 = []
ipv6 = []
md5 = []
query = []
validate()

Checks to ensure this IOC contains valid data.

Raises:InvalidObjectError – If the IOC contains invalid data.
class IOC_V2(cb, model_unique_id=None, initial_data=None, report_id=None)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents an IOC_V2 object in the Carbon Black server.

Variables:
  • id – The IOC_V2’s unique ID
  • match_type – How IOCs in this IOC_V2 are matched
  • values – A list of IOCs
  • field – The kind of IOCs contained in this IOC_V2
  • link – A URL for some reference for this IOC_V2

Creates a new IOC_V2 instance.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (Any) – Unused.
  • initial_data (dict) – Initial data used to populate the IOC.
  • report_id (str) – ID of the report this IOC belongs to (if this is a watchlist IOC).
Raises:

ApiError – If initial_data is None.

classmethod create_equality(cb, iocid, field, *values)

Creates a new “equality” IOC.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • iocid (str) – ID for the new IOC. If this is None, a UUID will be generated for the IOC.
  • field (str) – Name of the field to be matched by this IOC.
  • *values (list(str)) – String values to match against the value of the specified field.
Returns:

New IOC data structure.

Return type:

IOC_V2

Raises:

ApiError – If there is not at least one value to match against.

classmethod create_query(cb, iocid, query)

Creates a new “query” IOC.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • iocid (str) – ID for the new IOC. If this is None, a UUID will be generated for the IOC.
  • query (str) – Query to be incorporated in this IOC.
Returns:

New IOC data structure.

Return type:

IOC_V2

Raises:

ApiError – If the query string is not present.

classmethod create_regex(cb, iocid, field, *values)

Creates a new “regex” IOC.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • iocid (str) – ID for the new IOC. If this is None, a UUID will be generated for the IOC.
  • field (str) – Name of the field to be matched by this IOC.
  • *values (list(str)) – Regular expression values to match against the value of the specified field.
Returns:

New IOC data structure.

Return type:

IOC_V2

Raises:

ApiError – If there is not at least one regular expression to match against.

field = None
id = None
ignore()

Sets the ignore status on this IOC.

Only watchlist IOCs have an ignore status.

Raises:InvalidObjectError – If id is missing or this IOC is not from a Watchlist.
ignored

Returns whether or not this IOC is ignored.

Only watchlist IOCs have an ignore status.

Returns:True if the IOC is ignored, False otherwise.
Return type:bool
Raises:InvalidObjectError – If this IOC is missing an id or is not a Watchlist IOC.

Example:

>>> if ioc.ignored:
...     ioc.unignore()
classmethod ipv6_equality_format(input)

Turns a canonically-formatted IPv6 address into a string suitable for use in an equality IOC.

Parameters:input (str) – The IPv6 address to be translated.
Returns:The translated form of IPv6 address.
Return type:str
Raises:ApiError – If the string is not in valid format.
match_type = None
primary_key = 'id'
unignore()

Removes the ignore status on this IOC.

Only watchlist IOCs have an ignore status.

Raises:InvalidObjectError – If id is missing or this IOC is not from a Watchlist.
validate()

Checks to ensure this IOC contains valid data.

Raises:InvalidObjectError – If the IOC contains invalid data.
values = []
class Report(cb, model_unique_id=None, initial_data=None, feed_id=None, from_watchlist=False)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents a Report object in the Carbon Black server.

Variables:
  • id – The report’s unique ID
  • timestamp – When this report was created
  • title – A human-friendly title for this report
  • description – A human-friendly description for this report
  • severity – The severity of the IOCs within this report
  • link – A URL for some reference for this report
  • tags – A list of tags for this report
  • iocs_v2 – A list of IOC_V2 dicts associated with this report
  • visibility – The visibility of this report

Initialize the Report object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (Any) – Unused.
  • initial_data (dict) – The initial data for the object.
  • feed_id (str) – The ID of the feed this report is for.
  • from_watchlist (str) – The ID of the watchlist this report is for.
class ReportBuilder(cb, report_body)

Bases: object

Helper class allowing Reports to be assembled.

Initialize a new ReportBuilder.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • report_body (dict) – Partial report body which should be filled in with all “required” fields.
add_ioc(ioc)

Adds an IOC to the new report.

Parameters:ioc (IOC_V2) – The IOC to be added to the report.
Returns:This object.
Return type:ReportBuilder
add_tag(tag)

Adds a tag value to the new report.

Parameters:tag (str) – The new tag for the object.
Returns:This object.
Return type:ReportBuilder
build()

Builds the actual Report from the internal data of the ReportBuilder.

Returns:The new Report.
Return type:Report
set_description(description)

Set the description for the new report.

Parameters:description (str) – New description for the report.
Returns:This object.
Return type:ReportBuilder

set_link(link)

Set the link for the new report.

Parameters:link (str) – New link for the report.
Returns:This object.
Return type:ReportBuilder
set_severity(severity)

Set the severity for the new report.

Parameters:severity (int) – New severity for the report.
Returns:This object.
Return type:ReportBuilder
set_timestamp(timestamp)

Set the timestamp for the new report.

Parameters:timestamp (int) – New timestamp for the report.
Returns:This object.
Return type:ReportBuilder
set_title(title)

Set the title for the new report.

Parameters:title (str) – New title for the report.
Returns:This object.
Return type:ReportBuilder
set_visibility(visibility)

Set the visibility for the new report.

Parameters:visibility (str) – New visibility for the report.
Returns:This object.
Return type:ReportBuilder
append_iocs(iocs)

Append a list of IOCs to this Report.

Parameters:iocs (list[IOC_V2]) – List of IOCs to be added.
classmethod create(cb, title, description, severity, timestamp=None, tags=None)

Begin creating a new Report by returning a ReportBuilder.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • title (str) – Title for the new report.
  • description (str) – Description for the new report.
  • severity (int) – Severity value for the new report.
  • timestamp (int) – UNIX-epoch timestamp for the new report. If omitted, current time will be used.
  • tags (list[str]) – Tags to be added to the report. If omitted, there will be none.
Returns:

Reference to the ReportBuilder object.

Return type:

ReportBuilder

custom_severity

Returns the custom severity for this report.

Returns:The custom severity for this Report, if it exists.
Return type:ReportSeverity (ReportSeverity)
Raises:InvalidObjectError – If id is missing or this Report is from a Watchlist.
delete()

Deletes this report from the Enterprise EDR server.

Raises:InvalidObjectError – If id is missing, or feed_id is missing and this report is a Feed Report.

Example:

>>> report.delete()
description = None
id = None
ignore()

Sets the ignore status on this report.

Only watchlist reports have an ignore status.

Raises:InvalidObjectError – If id is missing or this Report is not from a Watchlist.
ignored

Returns the ignore status for this report.

Only watchlist reports have an ignore status.

Returns:True if this Report is ignored, False otherwise.
Return type:(bool)
Raises:InvalidObjectError – If id is missing or this Report is not from a Watchlist.

Example:

>>> if report.ignored:
...     report.unignore()
iocs = {}
iocs_

Returns a list of IOC_V2’s associated with this report.

Returns:List of IOC_V2’s associated with the Report.
Return type:IOC_V2 ([IOC_V2])

Example:

>>> for ioc in report.iocs_:
...     print(ioc.values)
iocs_v2 = []
primary_key = 'id'
remove_iocs(iocs)

Remove a list of IOCs from this Report.

Parameters:iocs (list[IOC_V2]) – List of IOCs to be removed.
remove_iocs_by_id(ids_list)

Remove IOCs from this report by specifying their IDs.

Parameters:ids_list (list[str]) – List of IDs of the IOCs to be removed.
save_watchlist()

Saves this report as a watchlist report.

Note

This method cannot be used to save a feed report. To save feed reports, create them with cb.create and use Feed.replace.

Raises:InvalidObjectError – If Report.validate() fails.
severity = None
tags = []
timestamp = None
title = None
unignore()

Removes the ignore status on this report.

Only watchlist reports have an ignore status.

Raises:InvalidObjectError – If id is missing or this Report is not from a Watchlist.
update(**kwargs)

Update this Report with the given arguments.

Parameters:**kwargs (dict(str, str)) – The Report fields to update.
Returns:The updated Report.
Return type:Report (Report)
Raises:InvalidObjectError – If id is missing, or feed_id is missing and this report is a Feed Report, or Report.validate() fails.

Note

The report’s timestamp is always updated, regardless of whether passed explicitly.

>>> report.update(title="My new report title")
urlobject = '/threathunter/feedmgr/v2/orgs/{}/feeds/{}/reports'
validate()

Checks to ensure this report contains valid data.

Raises:InvalidObjectError – If the report contains invalid data.
visibility = None
class ReportQuery(doc_class, cb)

Bases: cbc_sdk.base.SimpleQuery

Represents the logic for a Report query.

Note

Only feed reports can be queried. Watchlist reports should be interacted
with via Watchlist.reports().

Example:

>>> cb.select(Report).where(feed_id=id)

Initialize the ReportQuery object.

Parameters:
  • doc_class (class) – The class of the model this query returns.
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
results

Return a list of Report objects matching self._args['feed_id'].

where(**kwargs)

Add kwargs to self._args dictionary.

class ReportSeverity(cb, initial_data=None)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents a ReportSeverity object in the Carbon Black server.

Variables:
  • report_id – The unique ID for the corresponding report
  • severity – The severity level

Initialize the ReportSeverity object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • initial_data (dict) – The initial data for the object.
primary_key = 'report_id'
report_id = None
severity = None
class Watchlist(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.enterprise_edr.threat_intelligence.FeedModel

Represents a Watchlist object in the Carbon Black server.

Variables:

Initialize the Watchlist object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (str) – The unique ID of the watch list.
  • initial_data (dict) – The initial data for the object.
class WatchlistBuilder(cb, name)

Bases: object

Helper class allowing Watchlists to be assembled.

Creates a new WatchlistBuilder object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • name (str) – Name for the new watchlist.
add_report_ids(report_ids)

Adds report IDs to the watchlist.

Parameters:report_ids (list[str]) – List of report IDs to add to the watchlist.
Returns:This object.
Return type:WatchlistBuilder
add_reports(reports)

Adds reports to the watchlist.

Parameters:reports (list[Report]) – List of reports to be added to the watchlist.
Returns:This object.
Return type:WatchlistBuilder
build()

Builds the new Watchlist using information in the builder. The new watchlist must still be saved.

Returns:The new Watchlist.
Return type:Watchlist
set_alerts_enabled(flag)

Sets whether alerts will be enabled on the new watchlist.

Parameters:flag (bool) – True to enable alerts, False to disable them. Default is False.
Returns:This object.
Return type:WatchlistBuilder
set_description(description)

Sets the description for the new watchlist.

Parameters:description (str) – New description for the watchlist.
Returns:This object.
Return type:WatchlistBuilder
set_name(name)

Sets the name for the new watchlist.

Parameters:name (str) – New name for the watchlist.
Returns:This object.
Return type:WatchlistBuilder
set_tags_enabled(flag)

Sets whether tags will be enabled on the new watchlist.

Parameters:flag (bool) – True to enable tags, False to disable them. Default is True.
Returns:This object.
Return type:WatchlistBuilder
add_report_ids(report_ids)

Adds new report IDs to the watchlist.

Parameters:report_ids (list[str]) – List of report IDs to be added to the watchlist.
add_reports(reports)

Adds new reports to the watchlist.

Parameters:reports (list[Report]) – List of reports to be added to the watchlist.
alerts_enabled = None
classifier = {}
classifier_

Returns the classifier key and value, if any, for this watchlist.

Returns:Watchlist’s classifier key and value. None: If there is no classifier key and value.
Return type:tuple(str, str)
classmethod create(cb, name)

Starts creating a new Watchlist by returning a WatchlistBuilder that can be used to set attributes.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • name (str) – Name for the new watchlist.
Returns:

The builder for the new watchlist. Call build() to create the actual Watchlist.

Return type:

WatchlistBuilder

classmethod create_from_feed(feed, name=None, description=None, enable_alerts=False, enable_tags=True)

Creates a new Watchlist that encapsulates a Feed.

Parameters:
  • feed (Feed) – The feed to be encapsulated by this Watchlist.
  • name (str) – Name for the new watchlist. The default is to use the Feed name.
  • description (str) – Description for the new watchlist. The default is to use the Feed summary.
  • enable_alerts (bool) –
  • enable_tags (bool) –
Returns:

A new Watchlist object, which must be saved to the server.

Return type:

Watchlist

create_timestamp = None
delete()

Deletes this watchlist from the Enterprise EDR server.

Raises:InvalidObjectError – If id is missing.
description = None
disable_alerts()

Disable alerts for this watchlist.

Raises:InvalidObjectError – If id is missing.
disable_tags()

Disable tagging for this watchlist.

Raises:InvalidObjectError – If id is missing.
enable_alerts()

Enable alerts for this watchlist. Alerts are not retroactive.

Raises:InvalidObjectError – If id is missing.
enable_tags()

Enable tagging for this watchlist.

Raises:InvalidObjectError – If id is missing.
feed

Returns the Feed linked to this Watchlist, if there is one.

id = None
last_update_timestamp = None
name = None
report_ids = []
reports

Returns a list of Report objects associated with this watchlist.

Returns:List of Reports associated with the watchlist.
Return type:Reports ([Report])

Note

If this Watchlist is a classifier (i.e. feed-linked) Watchlist, reports will be empty. To get the reports associated with the linked Feed, use feed like:

>>> for report in watchlist.feed.reports:
...     print(report.title)
save()

Saves this watchlist on the Enterprise EDR server.

Returns:The saved Watchlist.
Return type:Watchlist (Watchlist)
Raises:InvalidObjectError – If Watchlist.validate() fails.
tags_enabled = None
update(**kwargs)

Updates this watchlist with the given arguments.

Parameters:

**kwargs (dict(str, str)) – The fields to update.

Raises:
  • InvalidObjectError – If id is missing or Watchlist.validate() fails.
  • ApiError – If report_ids is given and is empty.

Example:

>>> watchlist.update(name="New Name")
urlobject = '/threathunter/watchlistmgr/v2/watchlist'
urlobject_single = '/threathunter/watchlistmgr/v2/watchlist/{}'
validate()

Checks to ensure this watchlist contains valid data.

Raises:InvalidObjectError – If the watchlist contains invalid data.
class WatchlistQuery(doc_class, cb)

Bases: cbc_sdk.base.SimpleQuery

Represents the logic for a Watchlist query.

>>> cb.select(Watchlist)

Initialize the WatchlistQuery object.

Parameters:
  • doc_class (class) – The class of the model this query returns.
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
results

Return a list of all Watchlist objects.

log = <Logger cbc_sdk.enterprise_edr.threat_intelligence (WARNING)>

Models

cbc_sdk.enterprise_edr.ubs module

Model Classes for Enterprise Endpoint Detection and Response

class Binary(cb, model_unique_id)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a Binary object in the Carbon Black server.

Variables:
  • sha256 – The SHA-256 hash of the file
  • md5 – The MD5 hash of the file
  • file_available – If true, the file is available for download
  • available_file_size – The size of the file available for download
  • file_size – The size of the actual file (represented by the hash)
  • os_type – The OS that this file is designed for
  • architecture – The set of architectures that this file was compiled for
  • lang_id – The Language ID value for the Windows VERSIONINFO resource
  • charset_id – The Character set ID value for the Windows VERSIONINFO resource
  • internal_name – The internal name from FileVersionInformation
  • product_name – The product name from FileVersionInformation
  • company_name – The company name from FileVersionInformation
  • trademark – The trademark from FileVersionInformation
  • file_description – The file description from FileVersionInformation
  • file_version – The file version from FileVersionInformation
  • comments – Comments from FileVersionInformation
  • original_filename – The original filename from FileVersionInformation
  • product_description – The product description from FileVersionInformation
  • product_version – The product version from FileVersionInformation
  • private_build – The private build from FileVersionInformation
  • special_build – The special build from FileVersionInformation

Initialize the Binary object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (str) – The SHA-256 of the binary being retrieved.
class Summary(cb, model_unique_id)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a Summary object in the Carbon Black server.

Initialize the Summary object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • model_unique_id (str) – The SHA-256 of the binary being retrieved.
primary_key = 'sha256'
urlobject_single = '/ubs/v1/orgs/{}/sha256/{}/summary/device'
architecture = []
available_file_size = None
charset_id = None
comments = None
company_name = None
download_url(expiration_seconds=3600)

Returns a URL that can be used to download the file for this binary. Returns None if no download found.

Parameters:expiration_seconds (int) – How long the download should be valid for.
Returns:A pre-signed AWS download URL. None: If no download is found.
Return type:URL (str)
Raises:InvalidObjectError – If the URL retrieval should be retried.
file_available = None
file_description = None
file_size = None
file_version = None
internal_name = None
lang_id = None
md5 = None
original_filename = None
os_type = None
primary_key = 'sha256'
private_build = None
product_description = None
product_name = None
product_version = None
sha256 = None
special_build = None
summary

Returns organization-specific information about this binary.

trademark = None
urlobject_single = '/ubs/v1/orgs/{}/sha256/{}/metadata'
class Downloads(cb, shas, expiration_seconds=3600)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a Downloads object in the Carbon Black server.

Initialize the Downloads object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • shas (list) – A list of SHA hash values for binaries.
  • expiration_seconds (int) – Number of seconds until this request expires.
class FoundItem(cb, item)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a FoundItem object in the Carbon Black server.

Initialize the FoundItem object.

Parameters:
  • cb (CBCloudAPI) – A reference to the CBCloudAPI object.
  • item (dict) – The values for a successfully-retrieved item.
primary_key = 'sha256'
found

Returns a list of Downloads.FoundItem, one for each binary found in the binary store.

urlobject = '/ubs/v1/orgs/{}/file/_download'

Module contents