Live Response API - Schemas

Command Body

directory list

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | directory list |
| path (REQUIRED) | Full path to the directory on the remote device | String | N/A |

process list

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | process list |

create process

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | create process |
| path (REQUIRED) | The path and command line of the executable on the remote device | String | N/A |
| output_file (REQUIRED) | Full path to an existing file where process output should be redirected | String | N/A |
| wait (REQUIRED) | Whether to wait for the process to complete | Boolean | N/A |

kill

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | kill |
| pid (REQUIRED) | PID of the process to kill | Integer | N/A |

delete file

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | delete file |
| path (REQUIRED) | Full path to the local file on the remote device | String | N/A |

get file

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | get file |
| path (REQUIRED) | Full path to the file on the remote device | String | N/A |
| offset (REQUIRED) | Offset from the start of the file | Integer | N/A |
| get_count (REQUIRED) | Number of bytes to read | Integer | N/A |

put file

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | put file |
| path (REQUIRED) | Full path to the file on the remote device | String | N/A |
| file_id (REQUIRED) | File id retrieved from the Upload File to Carbon Black Cloud API call | String | N/A |

create directory

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | create directory |
| path (REQUIRED) | Full path of the directory to be created on the remote device | String | N/A |

reg create key

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg create key |
| path (REQUIRED) | Full path to the key in the registry on the remote device | String | N/A |

reg delete key

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg delete key |
| path (REQUIRED) | Full path to the key in the registry on the remote device | String | N/A |

reg enum key

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg enum key |
| path (REQUIRED) | Full path to the key in the registry on the remote device | String | N/A |

reg query value

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg query value |
| path (REQUIRED) | Full path to the value in the registry on the remote device | String | N/A |

reg set value

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg set value |
| path (REQUIRED) | Full path to the value in the registry on the remote device | String | N/A |
| value_data (REQUIRED) | Value of the new registry value | String | N/A |
| value_type (REQUIRED) | Type of the new registry value | String | pbREG_NONE, pbREG_SZ, pbREG_EXPAND_SZ, pbREG_BINARY, pbREG_DWORD, pbREG_DWORD_BIG_ENDIAN, pbREG_MULTI_SZ, pbREG_QWORD |

reg delete value

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | reg delete value |
| path (REQUIRED) | Full path to the value in the registry on the remote device | String | N/A |

memdump

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| name (REQUIRED) | Command being issued | String | memdump |
| path (REQUIRED) | Full path to the file on the remote device where the memory will be dumped. If the file exists, its content will be overwritten; otherwise the file will be created | String | N/A |
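
A client-side check of command bodies against the tables above, as an added example that is not part of the Carbon Black documentation. The function name `validate_command`, the sample body, and the strict rejection of fields the tables do not list are assumptions of this sketch.

```python
# Added example: field names, types and enum values are transcribed from the
# Command Body tables on this page; nothing here calls the API.
PATH_ONLY = ("directory list", "delete file", "create directory", "reg create key",
             "reg delete key", "reg enum key", "reg query value", "reg delete value",
             "memdump")
COMMAND_SCHEMAS = {cmd: {"path": str} for cmd in PATH_ONLY}
COMMAND_SCHEMAS.update({
    "process list": {},
    "create process": {"path": str, "output_file": str, "wait": bool},
    "kill": {"pid": int},
    "get file": {"path": str, "offset": int, "get_count": int},
    "put file": {"path": str, "file_id": str},
    "reg set value": {"path": str, "value_data": str, "value_type": str},
})
REG_VALUE_TYPES = {"pbREG_NONE", "pbREG_SZ", "pbREG_EXPAND_SZ", "pbREG_BINARY",
                   "pbREG_DWORD", "pbREG_DWORD_BIG_ENDIAN", "pbREG_MULTI_SZ",
                   "pbREG_QWORD"}


def validate_command(body):
    """Return a list of schema violations; an empty list means the body conforms."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    name = body.get("name")
    if not isinstance(name, str) or name not in COMMAND_SCHEMAS:
        return [f"unsupported command name: {name!r}"]
    schema, errors = COMMAND_SCHEMAS[name], []
    for field, expected in schema.items():
        if field not in body:
            errors.append(f"missing required field: {field}")
            continue
        value = body[field]
        # bool is a subclass of int in Python, so reject True/False for Integer fields.
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            errors.append(f"{field} must be {expected.__name__}")
    # Assumption: fields the tables do not list are treated as mistakes (strict mode).
    errors.extend(f"unexpected field: {f}" for f in sorted(set(body) - set(schema) - {"name"}))
    vt = body.get("value_type")
    if name == "reg set value" and isinstance(vt, str) and vt not in REG_VALUE_TYPES:
        errors.append(f"value_type not in documented set: {vt}")
    return errors


if __name__ == "__main__":
    # Constructed sample body; the registry path is a placeholder.
    sample = {"name": "reg set value", "path": "HKLM\\SOFTWARE\\Example\\Flag",
              "value_data": "1", "value_type": "REG_DWORD"}
    print(validate_command(sample))
```

Running the check before a command is submitted catches a wrong type or a misspelled `value_type` locally, before anything is sent to the remote device.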

Generic Command Response

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| id (REQUIRED) | Id of issued command | Integer | N/A |
| input (REQUIRED) | Command input containing more information based on the command submitted | Object | Command Response Schemas |
| name (REQUIRED) | Command being issued as it was submitted by the create command request | String | Supported: directory list, process list, create process, kill, delete file, get file, put file, create directory, reg create key, reg delete key, reg enum key, reg query value, reg set value, reg delete value |
| create_time (REQUIRED) | ISO 8601 UTC | String | Example: 2021-04-07T17:49:58.792Z |
| finish_time (REQUIRED) | ISO 8601 UTC | String | Example: 2021-04-07T17:49:58.792Z |
| result_code (REQUIRED) | Set to zero for successful execution, non-zero for errors | Integer | default: 0 |
| result_desc (REQUIRED) | Result Description | String | N/A |
| status (REQUIRED) | Issued command status | String | Supported: PENDING, RUNNING, COMPLETE, ERROR, CANCELLED |
| CommandObject | Response body for the specific issued command | Object | Command Response Schemas |

Command Response

directory list

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| files | List of file objects within specified directory | Array | files Schema |

process list

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| processes | List of process objects | Array | processes Schema |

create process

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| process_details | Details of listed process | Object | process_details Schema |

get file

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| file_details | Object containing file details | Object | file_details Schema |

reg enum key

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| sub_keys | Sub keys | String | N/A |
| values | Values | Array | values Schema |

reg query value

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| value | Query value | Object | value Schema |

memdump

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| mem_dump | Details of issued memdump | Object | mem_dump Schema |

Common Fields

files

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| filename | File name | String | N/A |
| attributes | File attributes | Array | N/A |
| last_access_time | Last time file was accessed | String | N/A |
| last_write_time | Last time file was modified | String | N/A |
| alternate_name | File alternate name | String | N/A |
| create_time | File create time | String | N/A |

processes

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| process_pid | Process id | Integer | N/A |
| process_cmdline | Process command line | String | N/A |
| parent_pid | Process id of parent process | Integer | N/A |
| process_username | Process username | String | N/A |
| process_path | Process path | String | N/A |
| process_create_time | Process create time | String | N/A |
| sid | Security id | String | N/A |

process_details

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| pid | Process id | Integer | N/A |
| return_code | Return code | Integer | N/A |

file_details

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| file_id | File id retrieved from the Upload File to Carbon Black Cloud API call | String | N/A |
| offset | Offset from the start of the file | Integer | N/A |
| count | Number of bytes to read | Integer | N/A |

values

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| registry_type | Registry type | String | N/A |
| registry_name | Registry name | String | N/A |
| registry_data | Registry data | String | N/A |

value

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| registry_type | Registry type | String | N/A |
| registry_name | Registry name | String | N/A |
| registry_data | Registry data | String | N/A |

mem_dump

| Field | Definition | Data Type | Values |
| --- | --- | --- | --- |
| percentdone | Percent done of memdump | Integer | N/A |
| return_code | Return code | Integer | N/A |

Last modified on October 26, 2021