Workload

Submodules

cbc_sdk.workload.sensor_lifecycle module

Sensor Lifecycle Management for Workloads

class SensorKit(cb, initial_data=None)

Bases: cbc_sdk.base.UnrefreshableModel

Represents a SensorKit object in the Carbon Black server.

Variables:

• sensor_type – The type of information this sensor is for.
• sensor_url – The URL for downloading the sensor installation package.
• sensor_config_url – The URL for downloading the sensor configuration information.
• error_code – Code for any error that occurred while getting the sensor information.
• message – Message for any error that occurred while getting the sensor information.

Initialize the SensorKit object.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• initial_data (dict) – Initial data used to populate the sensor kit data.

COMPUTE_RESOURCE_MAP = {'CENTOS': 'RHEL', 'ORACLE': 'RHEL', 'SLES': 'SUSE'}

VALID_ARCHITECTURES = ['32', '64', 'OTHER']

VALID_DEVICE_TYPES = ['WINDOWS', 'LINUX', 'MAC']

VALID_TYPES = ['WINDOWS', 'MAC', 'RHEL', 'UBUNTU', 'SUSE', 'AMAZON_LINUX']

error_code = None

classmethod from_type(cb, device_type, architecture, sensor_type, version)

Helper method used to create a temporary SensorKit object from its four components.

This method CANNOT be used to create an object that will be persisted to the server.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• device_type (str) – Device type to be used. Valid values are “WINDOWS”, “LINUX”, and “MAC”.
• architecture (str) – Architecture to be used. Valid values are “32”, “64”, and “OTHER”.
• sensor_type (str) – Sensor type to be used. Valid values are “WINDOWS”, “MAC”, “RHEL”, “UBUNTU”, “SUSE”, and “AMAZON_LINUX”.
• version (str) – Sensor version number to be used.

Returns:

A SensorType object with those specified values.

Return type:

SensorType

Raises:

ApiError – If an invalid value was used for one of the three limited values.

classmethod get_config_template(cb)

Retrieve the sample config.ini file with the properties populated from the server.

Parameters:cb (BaseAPI) – Reference to API object used to communicate with the server. Returns:Text of the sample configuration file. Return type:str

message = None

sensor_config_url = None

sensor_type = {}

sensor_url = None

class SensorKitQuery(doc_class, cb)

Bases: cbc_sdk.base.BaseQuery, cbc_sdk.base.CriteriaBuilderSupportMixin, cbc_sdk.base.IterableQueryMixin, cbc_sdk.base.AsyncQueryMixin

Query class used to read in SensorKit objects.

Initialize the SensorKitQuery.

Parameters:

• doc_class (class) – The model class that will be returned by this query.
• cb (BaseAPI) – Reference to API object used to communicate with the server.

add_sensor_kit_type(skit=None, **kwargs)

Add a sensor kit type to the request.

Parameters:

• skit (SensorKit) – The sensor kit type to be added to the request.
• **kwargs (dict) – If skit is None, the keyword arguments ‘device_type’, ‘architecture’, ‘sensor_type’, and ‘version’ are used to create the sensor kit type to be added.

Returns:

Reference to this object.

Return type:

SensorKitQuery

config_params(params)

Sets the configuration parameters for the sensor kit query request.

Parameters:params (str) – The text of a config.ini file with a list of sensor properties to configure on installation. Returns:Reference to this object. Return type:SensorKitQuery

expires(expiration_date_time)

Sets the expiration date and time for the sensor kit query request.

Parameters:expiration_date_time (str) – The time at which the sensor download link will expire, expressed as ISO 8601 UTC. Returns:Reference to this object. Return type:SensorKitQuery

cbc_sdk.workload.vm_workloads_search module

Model and Query Classes for VM Workloads Search API

class ComputeResource(cb, model_unique_id, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a ComputeResource object in the Carbon Black server.

Initialize the ComputeResource object.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• model_unique_id (str) – ID of the alert represented.
• initial_data (dict) – Initial data used to populate the alert.

classmethod bulk_install(cb, compute_resources, sensor_kit_types, config_file=None)

Install a sensor on a list of compute resources.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• compute_resources (list) – A list of ComputeResource objects used to specify compute resources to install sensors on.
• sensor_kit_types (list) – A list of SensorKit objects used to specify sensor types to choose from in installation.
• config_file (str) – The text of a config.ini file with a list of sensor properties to configure on installation.

Returns:

A dict with two members, ‘type’ and ‘code’, indicating the status of the installation.

Return type:

dict

classmethod bulk_install_by_id(cb, compute_resources, sensor_kit_types, config_file=None)

Install a sensor on a list of compute resources, specified by ID.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• compute_resources (list) – A list of dicts, each of which contains the keys ‘vcenter_id’ and ‘compute_resource_id’, specifying the compute resources to install sensors on.
• sensor_kit_types (list) – A list of SensorKit objects used to specify sensor types to choose from in installation.
• config_file (str) – The text of a config.ini file with a list of sensor properties to configure on installation.

Returns:

A dict with two members, ‘type’ and ‘code’, indicating the status of the installation.

Return type:

dict

install_sensor(sensor_version, config_file=None)

Install a sensor on this compute resource.

Parameters:

• sensor_version (str) – The version number of the sensor to be used.
• config_file (str) – The text of a config.ini file with a list of sensor properties to configure on installation.

Returns:

A dict with two members, ‘type’ and ‘code’, indicating the status of the installation.

Return type:

dict

Raises:

ApiError – If the compute node is not eligible or is of an invalid type.

primary_key = 'id'

urlobject = '/lcm/view/v1/orgs/{0}/compute_resources'

urlobject_single = '/lcm/view/v1/orgs/{0}/compute_resources/{1}'

class ComputeResourceQuery(doc_class, cb)

Bases: cbc_sdk.base.BaseQuery, cbc_sdk.base.QueryBuilderSupportMixin, cbc_sdk.base.CriteriaBuilderSupportMixin, cbc_sdk.base.IterableQueryMixin, cbc_sdk.base.AsyncQueryMixin

Represents a query that is used to locate ComputeResource objects.

Initialize the ComputeResource.

Parameters:

• doc_class (class) – The model class that will be returned by this query.
• cb (BaseAPI) – Reference to API object used to communicate with the server.

VALID_DIRECTIONS = ('ASC', 'DESC')

VALID_ELIGIBILITY = ('ELIGIBLE', 'NOT_ELIGIBLE', 'UNSUPPORTED')

VALID_INSTALLATION_STATUS = ('SUCCESS', 'ERROR', 'PENDING', 'NOT_INSTALLED')

VALID_OS_ARCHITECTURE = ('32', '64')

VALID_OS_TYPE = ('WINDOWS', 'RHEL', 'UBUNTU', 'SUSE', 'SLES', 'CENTOS', 'OTHER', 'AMAZON_LINUX', 'ORACLE')

set_appliance_uuid(appliance_uuid)

Restricts the search that this query is performed on to the specified appliance uuid.

Parameters:appliance_uuid (list) – List of string appliance uuids. Returns:This instance. Return type:ComputeResourceQuery

set_cluster_name(cluster_name)

Restricts the search that this query is performed on to the specified cluster name.

Parameters:cluster_name (list) – List of string cluster names. Returns:This instance. Return type:ComputeResourceQuery

set_eligibility(eligibility)

Restricts the search that this query is performed on to the specified eligibility.

Parameters:eligibility (list) – List of string eligibilities. Returns:This instance. Return type:ComputeResourceQuery

set_installation_status(installation_status)

Restricts the search that this query is performed on to the specified installation status.

Parameters:installation_status (list) – List of string installation status. Returns:This instance. Return type:ComputeResourceQuery

set_ip_address(ip_address)

Restricts the search that this query is performed on to the specified ip address.

Parameters:ip_address (list) – List of string ip addresses. Returns:This instance. Return type:ComputeResourceQuery

set_name(name)

Restricts the search that this query is performed on to the specified name.

Parameters:name (list) – List of string names. Returns:This instance. Return type:ComputeResourceQuery

set_os_architecture(os_architecture)

Restricts the search that this query is performed on to the specified os architecture.

Parameters:os_architecture (list) – List of string os architecture. Returns:This instance. Return type:ComputeResourceQuery

set_os_type(os_type)

Restricts the search that this query is performed on to the specified os type.

Parameters:os_type (list) – List of string os type. Returns:This instance. Return type:ComputeResourceQuery

set_uuid(uuid)

Restricts the search that this query is performed on to the specified uuid.

Parameters:uuid (list) – List of string uuid. Returns:This instance. Return type:ComputeResourceQuery

sort_by(key, direction='ASC')

Sets the sorting behavior on a query’s results.

Example

>>> cb.select(ComputeResource).sort_by("name")

Parameters:

• key (str) – The key in the schema to sort by.
• direction (str) – The sort order.

Returns:

This instance.

Return type:

ComputeResourceQuery

log = <Logger cbc_sdk.workload.vm_workloads_search (WARNING)>

type: Workloads Search model

cbc_sdk.workload.vulnerability_assessment module

Model and Query Classes for Vulnerability Assessment API

class AffectedAssetQuery(vulnerability, cb)

Bases: cbc_sdk.workload.vulnerability_assessment.VulnerabilityQuery

Query Class for the Vulnerability

Initialize the AffectedAssetQuery.

Parameters:

• vulnerability (class) – The vulnerability that will be returned by this query.
• cb (BaseAPI) – Reference to API object used to communicate with the server.

class DeviceVulnerability(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a DeviceVulnerability object in the Carbon Black server.

Initialize DeviceVulnerability

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• model_unique_id (str) – ID of the vulnerability represented.
• initial_data (dict) – Initial data used to populate the alert.

VALID_CATEGORY = ['OS', 'APP']

active_internet_breach = None

cvss_access_complexity = None

cvss_access_vector = None

cvss_authentication = None

cvss_availability_impact = None

cvss_confidentiality_impact = None

cvss_exploit_subscore = None

cvss_impact_subscore = None

cvss_integrity_impact = None

cvss_score = None

cvss_v3_exploit_subscore = None

cvss_v3_impact_subscore = None

cvss_v3_score = None

cvss_v3_vector = None

cvss_vector = None

easily_exploitable = None

classmethod get_vulnerability_summary_per_device(cb, device_id, category=None, vcenter_id=None)

Returns vulnerability summary at the device level

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• device_id (int) –
• category (str) (optional) category for which the vulnerability data is filtered (OS, APP) –
• vcenter_id (str) (optional) –

Returns:

summary for vulnerabilities per device

Return type:

dictinary

malware_exploitable = None

url_additional = 'devices/{}/vulnerabilities/summary'

urlobject = '/vulnerability/assessment/api/v1/orgs/{}/'

class DeviceVulnerabilityQuery(device, cb)

Bases: cbc_sdk.workload.vulnerability_assessment.VulnerabilityQuery

Query Class for the DeviceVulnerability

Initialize the DeviceVulnerabilityQuery.

Parameters:

• device (class) – The model class (Device) that will be returned by this query.
• cb (BaseAPI) – Reference to API object used to communicate with the server.

class OrganizationalVulnerability(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a OrganizationalVulnerability object in the Carbon Black server.

Variables:num_found – Number of matching devices

Initialize the OrganizationalVulnerability object.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• model_unique_id (int) – Not used by this class
• initial_data (dict) – dictionary of the data

num_found = None

result = []

url_additional = ''

urlobject = '/vulnerability/assessment/api/v1/orgs/{0}'

class Vulnerability(cb, model_unique_id, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a Vulnerability object in the Carbon Black server.

Initialize the Vulnerability object.

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• model_unique_id (str) – ID of the vulnerability represented.
• initial_data (dict) – Initial data used to populate the alert.

active_internet_breach = None

affected_assets(os_product_id)

Returns a list of Vulnerability objects associated with device.

Args;

os_product_id (str) operating system product ID

Returns:AffectedAssetQuery

cvss_access_complexity = None

cvss_access_vector = None

cvss_authentication = None

cvss_availability_impact = None

cvss_confidentiality_impact = None

cvss_exploit_subscore = None

cvss_impact_subscore = None

cvss_integrity_impact = None

cvss_score = None

cvss_v3_exploit_subscore = None

cvss_v3_impact_subscore = None

cvss_v3_score = None

cvss_v3_vector = None

cvss_vector = None

easily_exploitable = None

malware_exploitable = None

primary_key = 'cve_id'

url_additional = ''

urlobject = '/vulnerability/assessment/api/v1'

urlobject_single = '/vulnerability/assessment/api/v1/vulnerabilities/{}'

class VulnerabilityQuery(doc_class, cb)

Bases: cbc_sdk.base.BaseQuery, cbc_sdk.base.QueryBuilderSupportMixin, cbc_sdk.base.IterableQueryMixin, cbc_sdk.base.AsyncQueryMixin

Represents a query that is used to locate Vulnerabiltity objects.

Initialize the VulnerabilityQuery.

Parameters:

• doc_class (class) – The model class that will be returned by this query.
• cb (BaseAPI) – Reference to API object used to communicate with the server.

VALID_DEVICE_TYPE = ['WORKLOAD', 'ENDPOINT']

VALID_DIRECTIONS = ['ASC', 'DESC']

VALID_OS_TYPE = ['CENTOS', 'RHEL', 'SLES', 'UBUNTU', 'WINDOWS']

VALID_SEVERITY = ['CRITICAL', 'IMPORTANT', 'MODERATE', 'LOW']

VALID_SYNC_STATUS = ['NOT_STARTED', 'MATCHED', 'ERROR', 'NOT_MATCHED', 'NOT_SUPPORTED', 'CANCELLED', 'IN_PROGRESS', 'ACTIVE', 'COMPLETED']

VALID_SYNC_TYPE = ['MANUAL', 'SCHEDULED']

set_device_type(device_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified device type.

Parameters:

• device_type (string) – device type (“WORKLOAD”, “ENDPOINT”)
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_highest_risk_score(highest_risk_score, operator)

Restricts the vulnerabilities that this query is performed on to the specified highest_risk_score.

Parameters:

• highest_risk_score (double) – highest_risk_score.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_last_sync_ts(last_sync_ts, operator)

Restricts the vulnerabilities that this query is performed on to the specified last_sync_ts.

Parameters:

• last_sync_ts (string) – last_sync_ts.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_name(name, operator)

Restricts the vulnerabilities that this query is performed on to the specified name.

Parameters:

• name (string) – name.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_arch(os_arch, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_arch.

Parameters:

• os_arch (string) – os_arch.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_name(os_name, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_name.

Parameters:

• os_name (string) – os_name.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_type(os_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified os type.

Parameters:

• os_type (string) – os type (“CENTOS”, “RHEL”, “SLES”, “UBUNTU”, “WINDOWS”)
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_os_version(os_version, operator)

Restricts the vulnerabilities that this query is performed on to the specified os_version.

Parameters:

• os_version (string) – os_version.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_severity(severity, operator)

Restricts the vulnerabilities that this query is performed on to the specified severity.

Parameters:

• severity (string) – severity (“CRITICAL”, “IMPORTANT”, “MODERATE”, “LOW”)
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_sync_status(sync_status, operator)

Restricts the vulnerabilities that this query is performed on to the specified sync_status.

Parameters:

• sync_status (string) – sync_status (“NOT_STARTED”, “MATCHED”, “ERROR”, “NOT_MATCHED”, “NOT_SUPPORTED”, “CANCELLED”, “IN_PROGRESS”, “ACTIVE”, “COMPLETED”)
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_sync_type(sync_type, operator)

Restricts the vulnerabilities that this query is performed on to the specified sync_type.

Parameters:

• sync_type (string) – sync_type (“MANUAL”, “SCHEDULED”)
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_vcenter(vcenter_id)

Restricts the vulnerabilities that this query is performed on to the specified vcenter id.

Parameters:vcenter_id (string) – vcenter id. Returns:This instance. Return type:VulnerabilityQuery

set_vm_id(vm_id, operator)

Restricts the vulnerabilities that this query is performed on to the specified vm_id.

Parameters:

• vm_id (string) – vm_id.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

set_vuln_count(vuln_count, operator)

Restricts the vulnerabilities that this query is performed on to the specified vuln_count.

Parameters:

• vuln_count (string) – vuln_count.
• operator (string) – logic operator to apply to property value.

Returns:

This instance.

Return type:

VulnerabilityQuery

sort_by(key, direction='ASC')

Sets the sorting behavior on a query’s results.

Example

>>> cb.select(Vulnerabiltiy).sort_by("status")

Parameters:

• key (str) – The key in the schema to sort by.
• direction (str) – The sort order, either “ASC” or “DESC”.

Returns:

This instance.

Return type:

VulnerabilityQuery

Raises:

ApiError – If an invalid direction value is passed.

class VulnerabilitySummary(cb, model_unique_id=None, initial_data=None)

Bases: cbc_sdk.base.NewBaseModel

Represents a VulnerabilitySummary object in the Carbon Black server.

Variables:

• monitored_assets – Number of assets being monitored
• severity_summary – Information about vulnerabilities at each severity level

Initialize VulnerabilitySummary object

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• model_unique_id (int) – Not used by this class
• initial_data (dict) – dictionary of the data

VALID_SEVERITY = ['CRITICAL', 'IMPORTANT', 'MODERATE', 'LOW']

classmethod get_org_vulnerability_summary(cb, severity=None, vcenter_id=None)

Returns vulnerability summary at the organization level

Parameters:

• cb (BaseAPI) – Reference to API object used to communicate with the server.
• severity (str) – (optional) filters the vulnerability sumary per severity
• IMPORTANT, MODERATE, LOW) ((CRITICAL,) –
• vcenter_id (str) – (optional) filters the vulenerability per vcenter id

Returns:

monitored_assets and severity summary

Return type:

dict

monitored_assets = None

severity_summary = {}

url_additional = '/summary'

urlobject = '/vulnerability/assessment/api/v1/orgs/{0}'

log = <Logger cbc_sdk.workload.vulnerability_assessment (WARNING)>

Vulnerability models

Module contents