Live Response API - Schemas
Command Body
directory list
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | directory list |
path
REQUIRED |
Full path to the directory on the remote device | String | N/A |
process list
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | process list |
create process
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | create process |
path
REQUIRED |
The path and command line of the executable on the remote device | String | N/A |
output_file
REQUIRED |
Full path to existing file where process output should be redirected | String | N/A |
wait
REQUIRED |
Wait or not for the process for complete | Boolean | N/A |
kill
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | kill |
pid
REQUIRED |
PID of the process to kill | Integer | N/A |
delete file
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | delete file |
path
REQUIRED |
Full path to the local file on the remote device | String | N/A |
get file
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | get file |
path
REQUIRED |
Full path to the file on the remote device | String | N/A |
offset
REQUIRED |
Offset from the start of the file | Integer | N/A |
get_count
REQUIRED |
Number of bytes to read | Integer | N/A |
put file
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | put file |
path
REQUIRED |
Full path to the file on the remote device | String | N/A |
file_id
REQUIRED |
File id retrieved from the Upload File to Carbon Black Cloud API call | String | N/A |
create directory
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | create directory |
path
REQUIRED |
Full path of the directory to be created on the remote device | String | N/A |
reg create key
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg create key |
path
REQUIRED |
Full path to the key in the registry on the remote device | String | N/A |
reg delete key
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg delete key |
path
REQUIRED |
Full path to the key in the registry on the remote device | String | N/A |
reg enum key
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg enum key |
path
REQUIRED |
Full path to the key in the registry on the remote device | String | N/A |
reg query value
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg query value |
path
REQUIRED |
Full path to the value in the registry on the remote device | String | N/A |
reg set value
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg set value |
path
REQUIRED |
Full path to the value in the registry on the remote device | String | N/A |
value_data
REQUIRED |
Value of the new registry value | String | N/A |
value_type
REQUIRED |
Type of the new registry value | String | pbREG_NONE, pbREG_SZ, pbREG_EXPAND_SZ, pbREG_BINARY, pbREG_DWORD, pbREG_DWORD_BIG_ENDIAN, pbREG_MULTI_SZ, pbREG_QWORD |
reg delete value
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | reg delete value |
path
REQUIRED |
Full path to the value in the registry on the remote device | String | N/A |
memdump
| Field | Definition | Data Type | Values |
|---|---|---|---|
name
REQUIRED |
Command being issued | String | memdump |
path
REQUIRED |
Full path to file on the remote device where the memory will be dumped. If the file exists, its content will be overwritten, else the file will be created | String | N/A |
Generic Command Response
| Field | Definition | Data Type | Values |
|---|---|---|---|
id
REQUIRED |
Id of issued command | Integer | N/A |
input
REQUIRED |
Command input containing more information based on the command submitted | Object | Command Response Schemas |
name
REQUIRED |
Command being issued as it was submitted by the create command request | String | Supported: directory list, process list, create process, kill, delete file, get file, put file, create directory, reg create key, reg delete key, reg enum key, reg query value, reg set value, reg delete value |
create_time
REQUIRED |
ISO 8601 UTC | String | Example: 2021-04-07T17:49:58.792Z |
finish_time
REQUIRED |
ISO 8601 UTC | String | Example: 2021-04-07T17:49:58.792Z |
result_code
REQUIRED |
Set to zero for successful execution, non-zero for errors | Integer | default: 0 |
result_desc
REQUIRED |
Result Description | String | N/A |
status
REQUIRED |
Issued command status | String | Supported: PENDING, RUNNING, COMPLETE, ERROR,CANCELLED |
| CommandObject | Response body for the specific issued command | Object | Command Response Schemas |
Command Response
directory list
| Field | Definition | Data Type | Values |
|---|---|---|---|
files |
List of file objects within specified directory | Array | files Schema |
process list
| Field | Definition | Data Type | Values |
|---|---|---|---|
processes |
List of process objects | Array | processes Schema |
create process
| Field | Definition | Data Type | Values |
|---|---|---|---|
process_details |
Details of listed process | Object | process_details Schema |
get file
| Field | Definition | Data Type | Values |
|---|---|---|---|
file_details |
Object containing file details | Object | file_details Schema |
reg enum key
| Field | Definition | Data Type | Values |
|---|---|---|---|
sub_keys |
Sub keys | String | N/A |
values |
Values | Array | values Schema |
reg query value
| Field | Definition | Data Type | Values |
|---|---|---|---|
value |
Query value | Object | value Schema |
memdump
| Field | Definition | Data Type | Values |
|---|---|---|---|
mem_dump |
Details of issued memdump | Object | mem_dump Schema |
Common Fields
files
| Field | Definition | Data Type | Values |
|---|---|---|---|
filename |
File name | String | N/A |
attributes |
File attributes | Array | N/A |
last_access_time |
Last time file was accessed | String | N/A |
last_write_time |
Last time file was modified | String | N/A |
alternate_name |
File alternate name | String | N/A |
create_time |
File create time | String | N/A |
processes
| Field | Definition | Data Type | Values |
|---|---|---|---|
process_pid |
Process id | Integer | N/A |
process_cmdline |
Process command line | String | N/A |
parent_pid |
Process id of parent process | Integer | N/A |
process_username |
Process username | String | N/A |
process_path |
Process path | String | N/A |
process_create_time |
Process create time | String | N/A |
sid |
Security id | String | N/A |
process_details
| Field | Definition | Data Type | Values |
|---|---|---|---|
pid |
Process id | Integer | N/A |
return_code |
Return code | Integer | N/A |
file_details
| Field | Definition | Data Type | Values |
|---|---|---|---|
file_id |
File id retrieved from the Upload File to Carbon Black Cloud API call | String | N/A |
offset |
Offset from the start of the file | Integer | N/A |
count |
Number of bytes to read | Integer | N/A |
values
| Field | Definition | Data Type | Values |
|---|---|---|---|
registry_type |
Registry type | String | N/A |
registry_name |
Registry name | String | N/A |
registry_data |
Registry data | String | N/A |
value
| Field | Definition | Data Type | Values |
|---|---|---|---|
registry_type |
Registry type | String | N/A |
registry_name |
Registry name | String | N/A |
registry_data |
Registry data | String | N/A |
mem_dump
| Field | Definition | Data Type | Values |
|---|---|---|---|
percentdone |
Percent done of memdump | Integer | N/A |
return_code |
Return code | Integer | N/A |
Last modified on October 26, 2021