Here we’ve listed a collection of tutorials, recorded demonstrations and other resources we think will be useful to get the most out of the Carbon Black Cloud Python SDK.

Audience for These Guides

In general, and unless otherwise indicated, these guides are directed at those that:

  • Have a working knowledge of Python.

  • Have a basic understanding of what the Carbon Black Cloud does, and its basic terminology such as events, alerts, and watchlists.

  • Need information to update to new versions of the SDK when enhanced features are released.

Certain guides may be more geared towards audiences with more experience with the Carbon Black Cloud, such as administrators.

Information about updating to new versions of the SDK to take advantage of new features in Carbon Black Cloud are in Migration Guides.

Feature Guides

  • Searching - Most operations in the SDK will require you to search for objects.

  • Alerts - Work and manage different types of alerts such as CB Analytics Alert, Watchlist Alerts and Device Control Alerts.

  • Asset Groups - Create and modify Asset Groups, and preview the impact changes to policy ranking or asset group definition will have.

  • Alert Migration - Update from SDK 1.4.3 or earlier to SDK 1.5.0 or later to get the benefits of the Alerts v7 API.

  • Audit Log Events - Retrieve audit log events indicating various “system” events.

  • Compliance Benchmarks - Search and validate Compliance Benchmarks.

  • Devices - Search for, get information about, and act on endpoints.

  • Device Control - Control the blocking of USB devices on endpoints.

  • Differential Analysis - Provides the ability to compare and understand the changes between two Live Query runs

  • Live Query - Live Query allows operators to ask questions of endpoints

  • Live Response - Live Response allows security operators to collect information and take action on remote endpoints in real time.

  • Notifications to Alerts Migration - Update from Notifications to Alerts in SDK 1.5.0 or later to get the benefits of the Alerts v7 API.

  • Policy - Use policies to define and prioritize rules for how applications can behave on groups of assets

  • Recommendations - Work with Endpoint Standard recommendations for reputation override.

  • Reputation Override - Manage reputation overrides for known applications, IT tools or certs.

  • Unified Binary Store - The unified binary store (UBS) is responsible for storing all binaries and corresponding metadata for those binaries.

  • Users and Grants - Work with users and access grants.

  • Vulnerabilities - View asset (Endpoint or Workload) vulnerabilities to increase security visibility.

  • Watchlists, Feeds, Reports, and IOCs - Work with Enterprise EDR watchlists, feeds, reports, and Indicators of Compromise (IOCs).

  • Workloads - Advanced protection purpose-built for securing modern workloads to reduce the attack surface and strengthen security posture.

Migration Guides