Cb Response

Enterprise Response Guides

Just Starting Out

Our API Bindings are written in Python 2. We recommend learning the basics of python before continuing. Python is very easy to learn. Here are some resources to help get you started.

I know basic Python, now what? Learn by example

  1. Cb Response REST API QuickStart

    Our Quickstart guide is a great place to start for anyone. If you want to get your feet wet with out REST API, definitely check this out first. It will walkthrough the basics of what you need to work with our REST API.

  2. Cb Response Python API Examples

    We recommend taking a look at our Cb Response Python API (CbAPI) and the list of example scripts. Likely, there will be an existing script that already matches your use case.

  3. Development Environment Setup

    Once you have found a script that can be used for your use case, check out our video on setting up your development environment. This video will guide you through installing all the necessary tools needed for the CbAPI.

  4. Report Generation Example

    Need to generate reports? Our incident reporting script is a good example of how to accomplish this use case, while also being a good example of using the Cb Response REST APIs.

  5. Learn from our Integrations

    At Carbon Black we firmly believe in open APIs and code sharing. We try to open source all of our integrations so others can learn and modify our code to fit their specific use case. Here is a list of our open source integrations:

Vendor Type
Yara Binary Detonation
LastLine Binary Detonation
Cyphort Binary Detonation
Bluecoat Binary Detonation
iSIGHT Threat Intelligence
InfoBlox Threat Intelligence
ThreatConnect Threat Intelligence
STIX/TAXII Threat Intelligence
ThreatExchange Threat Intelligence
IBM Qradar SIEM Integration
Splunk Active Response App SIEM Integration

Advanced Use Cases

Need something more advanced or requires talking to the Cb Response Messaging Bus? The Event Forwarder is used to forward events into a SIEM or custom framework using the Cb Response Messaging Bus, its source code is valuable for learning how to interface with the Cb Response Messaging Bus elegantly and efficiently. If you are doing something that can’t easily be mapped by one of integrations or example scripts, we’d love to hear about it. Feel free to contact us.

Integration Description
Event Forwarder Connector/API Forward events
Event Duplicator Duplicate Cb Response events
Duo SAML Login Provider Service 2 Factor Auth
Cb Response App for Splunk Splunk App
Last modified on March 1, 2016