Guides
Here we’ve listed a collection of tutorials, recorded demonstrations and other resources we think will be useful to get the most out of the Carbon Black Cloud Python SDK.
Audience for These Guides
In general, and unless otherwise indicated, these guides are directed at those who:
Have a working knowledge of Python.
Have a basic understanding of what the Carbon Black Cloud does, and its basic terminology such as events, alerts, and watchlists.
Certain guides may be more geared towards audiences with more experience with the Carbon Black Cloud, such as administrators.
Information about updating to new versions of the SDK to take advantage of new features in Carbon Black Cloud is in the Migration Guides.
Feature Guides
- Searching
- Alerts
  - Resources
  - Retrieve Alerts
  - Retrieving Alerts for Multiple Organizations
  - Retrieving Observations to Provide Context About an Alert
  - Retrieving Processes to Provide Context About an Alert
  - Device Control Alerts
  - Container Runtime Alerts
  - Migrating from Notifications to Alerts
  - High Volume and Streaming Solution for Alerts
- Audit Log Events
- Developing New Credential Providers
- Device Control
- Differential Analysis
- Live Query
- Live Response
- Policy
- Recommendations
- Reputation Override
- Unified Binary Store
- Users and Grants
- Vulnerabilities
- Watchlists, Feeds, Reports, and IOCs
- Workloads
Searching - Most operations in the SDK will require you to search for objects.
Alerts - Work with and manage different types of alerts, such as CB Analytics Alerts, Watchlist Alerts and Device Control Alerts.
Alert Migration - Update from SDK 1.4.3 or earlier to SDK 1.5.0 or later to get the benefits of the Alerts v7 API.
Audit Log Events - Retrieve audit log events indicating various “system” events.
Device Control - Control the blocking of USB devices on endpoints.
Differential Analysis - Provides the ability to compare and understand the changes between two Live Query runs.
Live Query - Live Query allows operators to ask questions of endpoints.
Live Response - Live Response allows security operators to collect information and take action on remote endpoints in real time.
Policy - Use policies to define and prioritize rules for how applications can behave on groups of assets.
Recommendations - Work with Endpoint Standard recommendations for reputation override.
Reputation Override - Manage reputation overrides for known applications, IT tools or certs.
Unified Binary Store - The unified binary store (UBS) is responsible for storing all binaries and corresponding metadata for those binaries.
Users and Grants - Work with users and access grants.
Vulnerabilities - View asset (Endpoint or Workload) vulnerabilities to increase security visibility.
Watchlists, Feeds, Reports, and IOCs - Work with Enterprise EDR watchlists, feeds, reports, and Indicators of Compromise (IOCs).
Workloads - Advanced protection purpose-built for securing modern workloads to reduce the attack surface and strengthen security posture.