Latest Updates: CbAPI 1.4.0 Released

New cbapi release - Summer 2015

Posted on July 13, 2015

Major release with new features. New functions added to cbapi in this release include:

  • Extended API - an easier way to use the cbapi
    • binary_search_iter - Queries the binary datastore the same way as binary_search, but returns an iterator over the results, so it can be consumed directly: for binary in binary_search_iter(...)
    • process_search_iter - Same as above, but for process_search
    • process_search_and_events_iter - Yields the event data for every process returned by process_search_iter
  • User management functions
    • user_add_from_data - Adds a new authorized user into Cb
    • user_enum - Enumerates Cb’s user database
    • user_info - Retrieves information about one user from Cb
    • output_user_activity - Retrieves login activity from the Cb server
    • user_del - Deletes a user from Cb
  • Feed API - see examples, such as feed_action_add.py
    • feed_action_enum - Enumerate the actions (log to syslog, create alert, etc.) associated with a feed
    • feed_action_add - Add an action associated with a feed
    • feed_action_update - Change an action associated with a feed
    • feed_action_del - Delete an action associated with a feed
  • Events API - adding/removing events associated with Investigations
    • event_add - Add an event to an existing Cb investigation
    • event_info - Get information about an event in a current Cb investigation
    • event_update - Update information about an event in a Cb investigation
    • event_del - Delete an event from a Cb investigation
    • event_by_process_id - Get event information for a specific process in the Cb datastore
  • Sensor API
    • get_builds - Get the build version information for the Windows sensors available on the server
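The *_search_iter helpers listed under Extended API wrap a page-based search call in an iterator. The following is an added illustration of that pattern, not cbapi's own code: fake_binary_search, SAMPLE_BINARIES and the assumed result shape (total_results plus a results list) are constructed for the example.

```python
from typing import Callable, Dict, Iterator, List

# Constructed sample datastore standing in for binary records on a Cb server.
SAMPLE_BINARIES: List[Dict] = [
    {"md5": "%032x" % i, "observed_filename": ["C:\\tools\\bin%d.exe" % i]}
    for i in range(23)
]


def fake_binary_search(query: str, start: int = 0, rows: int = 10) -> Dict:
    """Stand-in for a page-based search call; the result shape is assumed."""
    page = SAMPLE_BINARIES[start:start + rows]
    return {"total_results": len(SAMPLE_BINARIES), "results": page}


def search_iter(search: Callable[..., Dict], query: str,
                page_size: int = 10) -> Iterator[Dict]:
    """Yield every result of `search` by fetching one page at a time.

    Stops on an empty page even if total_results claims more exist, so a
    datastore that shrinks between pages cannot make the loop run forever.
    """
    start = 0
    while True:
        page = search(query, start=start, rows=page_size)
        results = page.get("results", [])
        if not results:
            return
        for item in results:
            yield item
        start += len(results)
        if start >= page.get("total_results", 0):
            return


def md5s_for(query: str, page_size: int = 10) -> List[str]:
    """Collect the md5 of every matching binary, regardless of page size."""
    return [b["md5"] for b in search_iter(fake_binary_search, query, page_size)]
```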