New cbapi release - Summer 2015

Posted on July 13, 2015

---

July 13, 2015

Major release with new features. New functions added to cbapi in this release include:

• Extended API - an easier way to use the cbapi
  • binary_search_iter - Query the binary datastore the same as binary_search, but returns an iterator over the results… for binary in binary_search_iter(...)
  • process_search_iter - Same as above, but for process_search
  • process_search_and_events_iter - Provides the event data for every process returned by process_search_iter
• User management functions
  • user_add_from_data - Adds a new authorized user into Cb
  • user_enum - Enumerates Cb’s user database
  • user_info - Retrieves information about one user from Cb
  • output_user_activity - Retrieves login activity from the Cb server
  • user_del - Deletes a user from Cb
• Feed API - see examples, such as feed_action_add.py
  • feed_action_enum - Enumerate the actions (log to syslog, create alert, etc.) associated with a feed
  • feed_action_add - Add an action associated with a feed
  • feed_action_update - Change an action associated with a feed
  • feed_action_del - Delete an action associated with a feed
• Events API - adding/removing events associated with Investigations
  • event_add - Add an event to an existing Cb investigation
  • event_info - Get information about an event in a current Cb investigation
  • event_update - Update information about an event in a Cb investigation
  • event_del - Delete an event from a Cb investigation
  • event_by_process_id - Get event information for a specific process in the Cb datastore
• Sensor API
  • get_builds - Get the build version information for the Windows sensors available on the server