Here we’ve listed a collection of tutorials, recorded demonstrations and other resources we think will be useful to get the most out of the Carbon Black Cloud Python SDK.
Audience for These Guides
In general, and unless otherwise indicated, these guides are directed at those that:
Have a working knowledge of Python.
Have a basic understanding of what the Carbon Black Cloud does, and its basic terminology such as events, alerts, and watchlists.
Need information to update to new versions of the SDK when enhanced features are released.
Certain guides may be more geared towards audiences with more experience with the Carbon Black Cloud, such as administrators.
Information about updating to new versions of the SDK to take advantage of new features in Carbon Black Cloud are in Migration Guides.
- Asset Groups
- Audit Log Events
- Developing New Credential Providers
- Device Control
- Differential Analysis
- Live Query
- Live Response
- Reputation Override
- Unified Binary Store
- Users and Grants
- Watchlists, Feeds, Reports, and IOCs
Searching - Most operations in the SDK will require you to search for objects.
Alerts - Work and manage different types of alerts such as CB Analytics Alert, Watchlist Alerts and Device Control Alerts.
Asset Groups - Create and modify Asset Groups, and preview the impact changes to policy ranking or asset group definition will have.
Alert Migration - Update from SDK 1.4.3 or earlier to SDK 1.5.0 or later to get the benefits of the Alerts v7 API.
Audit Log Events - Retrieve audit log events indicating various “system” events.
Device Control - Control the blocking of USB devices on endpoints.
Differential Analysis - Provides the ability to compare and understand the changes between two Live Query runs
Live Query - Live Query allows operators to ask questions of endpoints
Live Response - Live Response allows security operators to collect information and take action on remote endpoints in real time.
Notifications to Alerts Migration - Update from Notifications to Alerts in SDK 1.5.0 or later to get the benefits of the Alerts v7 API.
Policy - Use policies to define and prioritize rules for how applications can behave on groups of assets
Recommendations - Work with Endpoint Standard recommendations for reputation override.
Reputation Override - Manage reputation overrides for known applications, IT tools or certs.
Unified Binary Store - The unified binary store (UBS) is responsible for storing all binaries and corresponding metadata for those binaries.
Users and Grants - Work with users and access grants.
Vulnerabilities - View asset (Endpoint or Workload) vulnerabilities to increase security visibility.
Watchlists, Feeds, Reports, and IOCs - Work with Enterprise EDR watchlists, feeds, reports, and Indicators of Compromise (IOCs).
Workloads - Advanced protection purpose-built for securing modern workloads to reduce the attack surface and strengthen security posture.
- Alert Migration
- Migration Guide For Live Response From v3 To v6
- Notifications to Alerts Migration
- Porting Applications from CBAPI to Carbon Black Cloud SDK