CbAPI Live Response Guide

Carbon Black EDR (Endpoint Detection and Response) is the new name for the product formerly called CB Response.

CB API Live Response

First lets import all the modules necessary to use the Live Response functionality within CbAPI

from cbapi.response import CbEnterpriseResponseAPI
from cbapi.response.models import Sensor

Now create an EDR API object.

c = CbEnterpriseResponseAPI()

Using python’s with statement, we can create a live response session. Anything within this block can use the Live Response Session object and the session will be kept alive automatically.

with c.select(Sensor, 1).lr_session() as lr_session:

File Operations

lr_session.delete_file('C:\test.txt')
lr_session.put_file('this is the file content', r"C:\test.txt")
lr_session.get_file(r"C:\test.txt")

Give Feedback

Use this form to give us feedback about this site or any of the documentation.

Last modified on May 18, 2021

Carbon Black EDR

Page Contents