Guides and Resources

Here we’ve listed a collection of tutorials, recorded demonstrations and other resources we think will be useful to get the most out of the Carbon Black Cloud Python SDK.

Audience for These Guides

In general, and unless otherwise indicated, these guides are directed at those that:

  • Have a working knowledge of Python.
  • Have a basic understanding of what the Carbon Black Cloud does, and its basic terminology such as events, alerts, and watchlists.

Certain guides may be more geared towards audiences with more experience with the Carbon Black Cloud, such as administrators.

Recordings

Demonstrations are found on our YouTube channel.

A recent highlight shows how to schedule Audit and Remediation Tasks.

Guides

  • Alerts - Work and manage different types of alerts such as CB Analytics Alert, Watchlist Alerts and Device Control Alerts.
  • Device Control - Control the blocking of USB devices on endpoints.
  • Live Query - Live Query allows operators to ask questions of endpoints
  • Live Response - Live Response allows security operators to collect information and take action on remote endpoints in real time.
  • Recommendations - Work with Endpoint Standard recommendations for reputation override.
  • Reputation Override - Manage reputation overrides for known applications, IT tools or certs.
  • Unified Binary Store - The unified binary store (UBS) is responsible for storing all binaries and corresponding metadata for those binaries.
  • Users and Grants - Work with users and access grants.
  • Managing Vulnerabilities - View asset (Endpoint or Workload) vulnerabilities to increase security visibility.
  • Watchlists, Feeds, Reports, and IOCs - Work with Enterprise EDR watchlists, feeds, reports, and Indicators of Compromise (IOCs).
  • VM Workloads Search Guide and Examples - Advanced protection purpose-built for securing modern workloads to reduce the attack surface and strengthen security posture.

Examples

The GitHub repository also has some example scripts which will help you get started using the SDK.