Workload

Submodules

cbc_sdk.workload.sensor_lifecycle module

Sensor Lifecycle Management for Workloads

class SensorKit(cb, initial_data=None)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a SensorKit object in the Carbon Black server.

Variables:
  • sensor_type – The type of information this sensor is for.
  • sensor_url – The URL for downloading the sensor installation package.
  • sensor_config_url – The URL for downloading the sensor configuration information.
  • error_code – Code for any error that occurred while getting the sensor information.
  • message – Message for any error that occurred while getting the sensor information.

Initialize the SensorKit object.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • initial_data (dict) – Initial data used to populate the sensor kit data.
COMPUTE_RESOURCE_MAP = {'CENTOS': 'RHEL', 'ORACLE': 'RHEL', 'SLES': 'SUSE'}
VALID_ARCHITECTURES = ['32', '64', 'OTHER']
VALID_DEVICE_TYPES = ['WINDOWS', 'LINUX', 'MAC']
VALID_TYPES = ['WINDOWS', 'MAC', 'RHEL', 'UBUNTU', 'SUSE', 'AMAZON_LINUX']
error_code = None
classmethod from_type(cb, device_type, architecture, sensor_type, version)

Helper method used to create a temporary SensorKit object from its four components.

This method CANNOT be used to create an object that will be persisted to the server.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • device_type (str) – Device type to be used. Valid values are “WINDOWS”, “LINUX”, and “MAC”.
  • architecture (str) – Architecture to be used. Valid values are “32”, “64”, and “OTHER”.
  • sensor_type (str) – Sensor type to be used. Valid values are “WINDOWS”, “MAC”, “RHEL”, “UBUNTU”, “SUSE”, and “AMAZON_LINUX”.
  • version (str) – Sensor version number to be used.
Returns:

A SensorType object with those specified values.

Return type:

SensorType

Raises:

ApiError – If an invalid value was used for one of the three limited values.

classmethod get_config_template(cb)

Retrieve the sample config.ini file with the properties populated from the server.

Parameters:cb (BaseAPI) – Reference to API object used to communicate with the server.
Returns:Text of the sample configuration file.
Return type:str
message = None
sensor_config_url = None
sensor_type = {}
sensor_url = None
class SensorKitQuery(doc_class, cb)

Bases: cbc_sdk.base.BaseQuery, cbc_sdk.base.CriteriaBuilderSupportMixin, cbc_sdk.base.IterableQueryMixin, cbc_sdk.base.AsyncQueryMixin

Query class used to read in SensorKit objects.

Initialize the SensorKitQuery.

Parameters:
  • doc_class (class) – The model class that will be returned by this query.
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
add_sensor_kit_type(skit=None, **kwargs)

Add a sensor kit type to the request.

Parameters:
  • skit (SensorKit) – The sensor kit type to be added to the request.
  • **kwargs (dict) – If skit is None, the keyword arguments ‘device_type’, ‘architecture’, ‘sensor_type’, and ‘version’ are used to create the sensor kit type to be added.
Returns:

Reference to this object.

Return type:

SensorKitQuery

config_params(params)

Sets the configuration parameters for the sensor kit query request.

Parameters:params (str) – The text of a config.ini file with a list of sensor properties to configure on installation.
Returns:Reference to this object.
Return type:SensorKitQuery
expires(expiration_date_time)

Sets the expiration date and time for the sensor kit query request.

Parameters:expiration_date_time (str) – The time at which the sensor download link will expire, expressed as ISO 8601 UTC.
Returns:Reference to this object.
Return type:SensorKitQuery
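
A pre-flight check for the values passed to add_sensor_kit_type() and expires(), so that invalid components and overly long-lived download links are rejected before any request is sent. This is an added example, not code from the SDK: plan_sensor_kit_request and MAX_LINK_LIFETIME are hypothetical names, and the OS-name mapping and device-type derivation are assumptions of the example.

```python
from datetime import datetime, timedelta, timezone

# Constants copied from the SensorKit class attributes documented on this page.
COMPUTE_RESOURCE_MAP = {'CENTOS': 'RHEL', 'ORACLE': 'RHEL', 'SLES': 'SUSE'}
VALID_ARCHITECTURES = ['32', '64', 'OTHER']
VALID_TYPES = ['WINDOWS', 'MAC', 'RHEL', 'UBUNTU', 'SUSE', 'AMAZON_LINUX']

# Hypothetical local policy for this example, not a limit imposed by the SDK.
MAX_LINK_LIFETIME = timedelta(hours=24)


def plan_sensor_kit_request(os_type, architecture, version, expires_at, now=None):
    """Return (kit_kwargs, expires_str) or raise ValueError.

    Assumptions of this example: COMPUTE_RESOURCE_MAP translates an inventory
    OS name into a sensor type, and any sensor type other than WINDOWS or MAC
    belongs to the LINUX device type.
    """
    now = now or datetime.now(timezone.utc)
    os_type = str(os_type).strip().upper()
    sensor_type = COMPUTE_RESOURCE_MAP.get(os_type, os_type)
    if sensor_type not in VALID_TYPES:
        raise ValueError(f"unsupported sensor type: {sensor_type!r}")
    device_type = sensor_type if sensor_type in ('WINDOWS', 'MAC') else 'LINUX'

    architecture = str(architecture)
    if architecture not in VALID_ARCHITECTURES:
        raise ValueError(f"unsupported architecture: {architecture!r}")
    if not isinstance(version, str) or not version.strip():
        raise ValueError("version must be a non-empty string")

    # A naive datetime would be read as local time by astimezone(); refuse it.
    if expires_at.tzinfo is None or expires_at.utcoffset() is None:
        raise ValueError("expires_at must be timezone-aware")
    expires_utc = expires_at.astimezone(timezone.utc)
    if not now < expires_utc <= now + MAX_LINK_LIFETIME:
        raise ValueError("expiration must be in the future and within policy")

    kit = {'device_type': device_type, 'architecture': architecture,
           'sensor_type': sensor_type, 'version': version.strip()}
    # ISO 8601 UTC, the form expires() is documented to take.
    return kit, expires_utc.strftime('%Y-%m-%dT%H:%M:%SZ')


# Intended use with the documented query methods (version is a constructed sample):
#   kit, expires = plan_sensor_kit_request('centos', 64, '1.2.3', expiry_datetime)
#   cb.select(SensorKit).add_sensor_kit_type(**kit).expires(expires)
```
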

cbc_sdk.workload.vulnerability_assessment module

Model and Query Classes for Vulnerability Assessment API

class AffectedAssetQuery(vulnerability, cb)

Bases: cbc_sdk.workload.vulnerability_assessment.VulnerabilityQuery

Query Class for the Vulnerability

Initialize the AffectedAssetQuery.

Parameters:
  • vulnerability (class) – The vulnerability that will be returned by this query.
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
class DeviceVulnerability(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a DeviceVulnerability object in the Carbon Black server.

Initialize DeviceVulnerability

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (str) – ID of the vulnerability represented.
  • initial_data (dict) – Initial data used to populate the alert.
VALID_CATEGORY = ['OS', 'APP']
active_internet_breach = None
cvss_access_complexity = None
cvss_access_vector = None
cvss_authentication = None
cvss_availability_impact = None
cvss_confidentiality_impact = None
cvss_exploit_subscore = None
cvss_impact_subscore = None
cvss_integrity_impact = None
cvss_score = None
cvss_v3_exploit_subscore = None
cvss_v3_impact_subscore = None
cvss_v3_score = None
cvss_v3_vector = None
cvss_vector = None
easily_exploitable = None
classmethod get_vulnerability_summary_per_device(cb, device_id, category=None, vcenter_id=None)

Returns vulnerability summary at the device level

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • device_id (int) –
  • category (str) – (optional) category for which the vulnerability data is filtered (OS, APP)
  • vcenter_id (str) – (optional)
Returns:

summary for vulnerabilities per device

Return type:

dictionary

malware_exploitable = None
url_additional = 'devices/{}/vulnerabilities/summary'
urlobject = '/vulnerability/assessment/api/v1/orgs/{}/'
class DeviceVulnerabilityQuery(device, cb)

Bases: cbc_sdk.workload.vulnerability_assessment.VulnerabilityQuery

Query Class for the DeviceVulnerability

Initialize the DeviceVulnerabilityQuery.

Parameters:
  • device (class) – The model class (Device) that will be returned by this query.
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
class OrganizationalVulnerability(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents an OrganizationalVulnerability object in the Carbon Black server.

Variables:num_found – Number of matching devices

Initialize the OrganizationalVulnerability object.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (int) – Not used by this class
  • initial_data (dict) – dictionary of the data
num_found = None
result = []
url_additional = ''
urlobject = '/vulnerability/assessment/api/v1/orgs/{0}'
class Vulnerability(cb, model_unique_id, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a Vulnerability object in the Carbon Black server.

Initialize the Vulnerability object.

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (str) – ID of the vulnerability represented.
  • initial_data (dict) – Initial data used to populate the alert.
active_internet_breach = None
affected_assets(os_product_id)

Returns a list of Vulnerability objects associated with device.

Parameters:os_product_id (str) – operating system product ID
Returns:AffectedAssetQuery
cvss_access_complexity = None
cvss_access_vector = None
cvss_authentication = None
cvss_availability_impact = None
cvss_confidentiality_impact = None
cvss_exploit_subscore = None
cvss_impact_subscore = None
cvss_integrity_impact = None
cvss_score = None
cvss_v3_exploit_subscore = None
cvss_v3_impact_subscore = None
cvss_v3_score = None
cvss_v3_vector = None
cvss_vector = None
easily_exploitable = None
malware_exploitable = None
primary_key = 'cve_id'
url_additional = ''
urlobject = '/vulnerability/assessment/api/v1'
urlobject_single = '/vulnerability/assessment/api/v1/vulnerabilities/{}'
class VulnerabilityQuery(doc_class, cb)

Bases: cbc_sdk.base.BaseQuery, cbc_sdk.base.QueryBuilderSupportMixin, cbc_sdk.base.IterableQueryMixin, cbc_sdk.base.AsyncQueryMixin

Represents a query that is used to locate Vulnerability objects.

Initialize the VulnerabilityQuery.

Parameters:
  • doc_class (class) – The model class that will be returned by this query.
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
VALID_DEVICE_TYPE = ['WORKLOAD', 'ENDPOINT']
VALID_DIRECTIONS = ['ASC', 'DESC']
VALID_OS_TYPE = ['CENTOS', 'RHEL', 'SLES', 'UBUNTU', 'WINDOWS']
VALID_SEVERITY = ['CRITICAL', 'IMPORTANT', 'MODERATE', 'LOW']
VALID_SYNC_STATUS = ['NOT_STARTED', 'MATCHED', 'ERROR', 'NOT_MATCHED', 'NOT_SUPPORTED', 'CANCELLED', 'IN_PROGRESS', 'ACTIVE', 'COMPLETED']
VALID_SYNC_TYPE = ['MANUAL', 'SCHEDULED']
set_device_type(device_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified device type.

Parameters:
  • device_type (string) – device type (“WORKLOAD”, “ENDPOINT”)
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_highest_risk_score(highest_risk_score, operator)

Restricts the vulnerabilities that this query is performed on to the specified highest_risk_score.

Parameters:
  • highest_risk_score (double) – highest_risk_score.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_last_sync_ts(last_sync_ts, operator)

Restricts the vulnerabilities that this query is performed on to the specified last_sync_ts.

Parameters:
  • last_sync_ts (string) – last_sync_ts.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_name(name, operator)

Restricts the vulnerabilities that this query is performed on to the specified name.

Parameters:
  • name (string) – name.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_arch(os_arch, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_arch.

Parameters:
  • os_arch (string) – os_arch.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_name(os_name, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_name.

Parameters:
  • os_name (string) – os_name.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_type(os_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified os type.

Parameters:
  • os_type (string) – os type (“CENTOS”, “RHEL”, “SLES”, “UBUNTU”, “WINDOWS”)
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_version(os_version, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_version.

Parameters:
  • os_version (string) – os_version.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_severity(severity, operator)

Restricts the vulnerabilities that this query is performed on to the specified severity.

Parameters:
  • severity (string) – severity (“CRITICAL”, “IMPORTANT”, “MODERATE”, “LOW”)
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_sync_status(sync_status, operator)

Restricts the vulnerabilities that this query is performed on to the specified sync_status.

Parameters:
  • sync_status (string) – sync_status (“NOT_STARTED”, “MATCHED”, “ERROR”, “NOT_MATCHED”, “NOT_SUPPORTED”, “CANCELLED”, “IN_PROGRESS”, “ACTIVE”, “COMPLETED”)
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_sync_type(sync_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified sync_type.

Parameters:
  • sync_type (string) – sync_type (“MANUAL”, “SCHEDULED”)
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_vcenter(vcenter_id)

Restricts the vulnerabilities that this query is performed on to the specified vcenter id.

Parameters:vcenter_id (string) – vcenter id.
Returns:This instance.
Return type:VulnerabilityQuery
set_vm_id(vm_id, operator)

Restricts the vulnerabilities that this query is performed on to the specified vm_id.

Parameters:
  • vm_id (string) – vm_id.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

set_vuln_count(vuln_count, operator)

Restricts the vulnerabilities that this query is performed on to the specified vuln_count.

Parameters:
  • vuln_count (string) – vuln_count.
  • operator (string) – logic operator to apply to property value.
Returns:

This instance.

Return type:

VulnerabilityQuery

sort_by(key, direction='ASC')

Sets the sorting behavior on a query’s results.

Example

>>> cb.select(Vulnerability).sort_by("status")
Parameters:
  • key (str) – The key in the schema to sort by.
  • direction (str) – The sort order, either “ASC” or “DESC”.
Returns:

This instance.

Return type:

VulnerabilityQuery

Raises:

ApiError – If an invalid direction value is passed.

class VulnerabilitySummary(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a VulnerabilitySummary object in the Carbon Black server.

Variables:

Initialize VulnerabilitySummary object

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • model_unique_id (int) – Not used by this class
  • initial_data (dict) – dictionary of the data
VALID_SEVERITY = ['CRITICAL', 'IMPORTANT', 'MODERATE', 'LOW']
classmethod get_org_vulnerability_summary(cb, severity=None, vcenter_id=None)

Returns vulnerability summary at the organization level

Parameters:
  • cb (BaseAPI) – Reference to API object used to communicate with the server.
  • severity (str) – (optional) filters the vulnerability summary per severity (CRITICAL, IMPORTANT, MODERATE, LOW)
  • vcenter_id (str) – (optional) filters the vulnerability per vcenter id
Returns:

monitored_assets and severity summary

Return type:

dict

monitored_assets = None
severity_summary = {}
url_additional = '/summary'
urlobject = '/vulnerability/assessment/api/v1/orgs/{0}'
log = <Logger cbc_sdk.workload.vulnerability_assessment (WARNING)>

Vulnerability models

Module contents