Posted on January 11, 2017
We are proud to announce that CbAPI 1.0 is now available for installation via Python’s PyPI.
cbapi provides a straightforward interface to the App Control and EDR REST APIs. This library provides a Pythonic layer to access the raw power of the REST APIs of both products, making it trivial to do the easy stuff and handling all of the “sharp corners” behind the scenes for you.
If you haven’t seen or worked with cbapi since its 0.9 pre-release, there are a lot of enhancements and features now available in 1.0! Just to pick a few:
Enhanced Live Response API
The new cbapi now provides a robust interface to the EDR Live Response capability. Easily create Live Response sessions, initiate commands on remote hosts, and pull down data as necessary to make your Incident Response process much more efficient and automated.
Consistent API for both EDR and App Control platforms
We now support EDR and App Control users in the same API layer. Even better, the object model is the same for both; if you know one API you can easily transition to the other. cbapi hides all the differences between the two REST APIs behind a single, consistent Python-like interface.
cbapi now provides a built in caching layer to reduce the query load on the Carbon Black server. This is especially useful when taking advantage of cbapi’s new “joining” features. You can transparently access, for example, the binary associated with a given process in App Control. Since many processes may be associated with the same binary, it does not make sense to repeatedly request the same binary information from the server over and over again. Therefore cbapi now caches this information to avoid unnecessary requests.
cbapi now provides a friendly - dare I say “fun” - interface to the data. This greatly improves developer productivity and lowers the bar to entry.
Python 3 and Python 2 compatible
Better support for multiple Cb servers
cbapi now introduces the concept of Credential Profiles; named collections of URL, API keys, and optional proxy configuration for connecting to any number of App Control or EDR servers.
In addition, we have greatly expanded the documentation available for cbapi. Full documentation, including code examples, user guides, and an API reference are available at https://cbapi.readthedocs.io.
For a quick overview of the new features, check out the presentations available at our Speaker Deck page.
We hope you’ll try out the new release and look forward to seeing the great scripts, integrations, and tools you build using Carbon Black!