A text-based interface for Carbon Black EDR

CbResponse Command Line Interface

Published by ContextIS

CbRCLI is a text-based interface for EDR. In environments where systems may be locked down, or where your incident responders prefer an interface more like a Linux command shell, CbRCLI would be the best way forward.

CbRCLI (currently) allows for the following:

  • Autocomplete of input and options
  • Searching across Processes, Binary and Sensor information
  • Choosing which columns to view in a dataset
  • Allowing for on-the-fly Regex filters to be applied to columns
  • Suppression of duplicate results
  • Saving of Search Query and dataset filters
  • Text and formatting options
  • Specify a search timeframe
  • Export of Results to a Tab Separated File
  • Summary of data frequency (Most & least common values)
  • Extended information on any result in a fieldset
  • List of all file modifications or network connections for a query result (colour coded for Write/Delete)
  • Ability to visualise the full process tree via a web browser using a quick launch based on row number
  • Directly open a LiveResponse shell to the endpoint

If you would like to see CbRCLI in action, check out this video!

Last modified on November 17, 2017