Latest Updates: CB ThreatHunter App for Splunk 1.0.0 Released

Cb Response Command Line Interface



<< back to Showcase


Cb Response Command Line Interface

Published by ContextIS

View source code for this contribution

CbRCLI is a text-based interface for Cb Response. In environments where systems may be locked down (or should your incident responders prefer a more Linux command shell type interface) then CbRCLI would be the best way forward.

CbRCLI (currently) allows for the following:

  • Autocomplete of input and options
  • Searching across Processes, Binary and Sensor information
  • Choosing which columns to view in a dataset
  • Allowing for on-the-fly Regex filters to be applied to columns
  • Suppression of duplicate results
  • Saving of Search Query and dataset filters
  • Text and formatting options
  • Specify a search timeframe
  • Export of Results to a Tab Separated File
  • Summary of data frequency (Most & least common values)
  • Extended information on any result in a fieldset
  • List of all file modifications or network connections for a query result. (Colour coded for Write/Delete)
  • Ability to visualise the full process tree via a web browser using a quick launch based on row number
  • Directly open a LiveResponse shell to the endpoint

If you would like to see CbRCLI in action check out this video!

Last modified on November 17, 2017