Live Response API - Schemas - Carbon Black Developer Network

Live Response API - Schemas

Command Body

directory list

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`directory list`
`path` REQUIRED	Full path to the directory on the remote device	String	N/A

process list

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`process list`

create process

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`create process`
`path` REQUIRED	The path and command line of the executable on the remote device	String	N/A
`output_file` REQUIRED	Full path to existing file where process output should be redirected	String	N/A
`wait` REQUIRED	Wait or not for the process for complete	Boolean	N/A

kill

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`kill`
`pid` REQUIRED	PID of the process to kill	Integer	N/A

delete file

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`delete file`
`path` REQUIRED	Full path to the local file on the remote device	String	N/A

get file

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`get file`
`path` REQUIRED	Full path to the file on the remote device	String	N/A
`offset` REQUIRED	Offset from the start of the file	Integer	N/A
`get_count` REQUIRED	Number of bytes to read	Integer	N/A

put file

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`put file`
`path` REQUIRED	Full path to the file on the remote device	String	N/A
`file_id` REQUIRED	File id retrieved from the Upload File to Carbon Black Cloud API call	String	N/A

create directory

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`create directory`
`path` REQUIRED	Full path of the directory to be created on the remote device	String	N/A

reg create key

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg create key`
`path` REQUIRED	Full path to the key in the registry on the remote device	String	N/A

reg delete key

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg delete key`
`path` REQUIRED	Full path to the key in the registry on the remote device	String	N/A

reg enum key

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg enum key`
`path` REQUIRED	Full path to the key in the registry on the remote device	String	N/A

reg query value

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg query value`
`path` REQUIRED	Full path to the value in the registry on the remote device	String	N/A

reg set value

Note: If you are using pbREG_BINARY ensure the value_data is base64 encoded as this is required for transfering the data to the sensor and setting the registry value in the OS.

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg set value`
`path` REQUIRED	Full path to the value in the registry on the remote device	String	N/A
`value_data` REQUIRED	Value of the new registry value	String	N/A
`value_type` REQUIRED	Type of the new registry value	String	`pbREG_NONE`, `pbREG_SZ`, `pbREG_EXPAND_SZ`, `pbREG_BINARY`, `pbREG_DWORD`, `pbREG_DWORD_BIG_ENDIAN`, `pbREG_MULTI_SZ`, `pbREG_QWORD`

reg delete value

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`reg delete value`
`path` REQUIRED	Full path to the value in the registry on the remote device	String	N/A

memdump

Field	Definition	Data Type	Values
`name` REQUIRED	Command being issued	String	`memdump`
`path` REQUIRED	Full path to file on the remote device where the memory will be dumped. If the file exists, its content will be overwritten, else the file will be created	String	N/A

Generic Command Response

Field	Definition	Data Type	Values
`id` REQUIRED	Id of issued command	Integer	N/A
`input` REQUIRED	Command input containing more information based on the command submitted	Object	Command Response Schemas
`name` REQUIRED	Command being issued as it was submitted by the create command request	String	Supported: `directory list`, `process list`, `create process`, `kill`, `delete file`, `get file`, `put file`, `create directory`, `reg create key`, `reg delete key`, `reg enum key`, `reg query value`, `reg set value`, `reg delete value`
`create_time` REQUIRED	ISO 8601 UTC	String	Example: `2021-04-07T17:49:58.792Z`
`finish_time` REQUIRED	ISO 8601 UTC	String	Example: `2021-04-07T17:49:58.792Z`
`result_code` REQUIRED	Set to zero for successful execution, non-zero for errors	Integer	default: 0
`result_desc` REQUIRED	Result Description	String	N/A
`status` REQUIRED	Issued command status	String	Supported: `PENDING`, `RUNNING`, `COMPLETE`, `ERROR`,`CANCELLED`
CommandObject	Response body for the specific issued command	Object	Command Response Schemas

Command Response

directory list

Field	Definition	Data Type	Values
`files`	List of file objects within specified directory	Array	files Schema

process list

Field	Definition	Data Type	Values
`processes`	List of process objects	Array	processes Schema

create process

Field	Definition	Data Type	Values
`process_details`	Details of listed process	Object	process_details Schema

get file

Field	Definition	Data Type	Values
`file_details`	Object containing file details	Object	file_details Schema

reg enum key

Field	Definition	Data Type	Values
`sub_keys`	Sub keys	String	N/A
`values`	Values	Array	values Schema

reg query value

Field	Definition	Data Type	Values
`value`	Query value	Object	value Schema

memdump

Field	Definition	Data Type	Values
`mem_dump`	Details of issued memdump	Object	mem_dump Schema

Common Fields

files

Field	Definition	Data Type	Values
`filename`	File name	String	N/A
`attributes`	File attributes	Array	N/A
`last_access_time`	Last time file was accessed	String	N/A
`last_write_time`	Last time file was modified	String	N/A
`alternate_name`	File alternate name	String	N/A
`create_time`	File create time	String	N/A

processes

Field	Definition	Data Type	Values
`process_pid`	Process id	Integer	N/A
`process_cmdline`	Process command line	String	N/A
`parent_pid`	Process id of parent process	Integer	N/A
`process_username`	Process username	String	N/A
`process_path`	Process path	String	N/A
`process_create_time`	Process create time	String	N/A
`sid`	Security id	String	N/A

process_details

Field	Definition	Data Type	Values
`pid`	Process id	Integer	N/A
`return_code`	Return code	Integer	N/A

file_details

Field	Definition	Data Type	Values
`file_id`	File id retrieved from the Upload File to Carbon Black Cloud API call	String	N/A
`offset`	Offset from the start of the file	Integer	N/A
`count`	Number of bytes to read	Integer	N/A

values

Field	Definition	Data Type	Values
`registry_type`	Registry type	String	N/A
`registry_name`	Registry name	String	N/A
`registry_data`	Registry data	String	N/A

value

Field	Definition	Data Type	Values
`registry_type`	Registry type	String	N/A
`registry_name`	Registry name	String	N/A
`registry_data`	Registry data	String	N/A

mem_dump

Field	Definition	Data Type	Values
`percentdone`	Percent done of memdump	Integer	N/A
`return_code`	Return code	Integer	N/A

Last modified on March 10, 2025