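def Run(computername):
    """Query the Carbon Black (``cb``) server for sensors matching a hostname.

    The server URL and API token come from ``Launch.load_cb_config``, read
    from the config file named in the parsed command-line arguments.

    Args:
        computername: Hostname to search for; converted with ``str()``.

    Returns:
        The decoded JSON body of the ``/api/v1/sensor`` response. No HTTP
        status check is made, so an error response is decoded like any other.
    """
    launch = Launch()
    args = launch.get_args()
    cbserverurl, cbapitoken = launch.load_cb_config(args.configfile)
    headers = {"X-Auth-Token": cbapitoken}
    # The hostname goes through ``params`` so requests percent-encodes it.
    # Concatenating it into the URL let characters such as "&" or "#" in the
    # value alter the query that is sent with the API token.
    # NOTE(review): verify=False turns off TLS certificate validation, so the
    # X-Auth-Token header is sent to a server whose identity is not checked.
    # Kept as-is because the config shown here carries no CA bundle setting;
    # prefer pointing ``verify`` at the server's CA certificate.
    # NOTE(review): no timeout is passed, so the call can block indefinitely.
    resp = requests.get(
        cbserverurl + "/api/v1/sensor",
        params={"hostname": str(computername)},
        headers=headers,
        verify=False)
    return resp.json()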
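def Run(hashvalue):
    """Look up a file hash in the Bit9 (``b9``) file catalog.

    The server URL and API token come from ``Launch.load_b9_config``, read
    from the config file named in the parsed command-line arguments.

    Only the ``md5`` field is queried: whatever is passed in is sent as an
    ``md5:`` search term, including a value of another hash type.

    Args:
        hashvalue: Hash string to search for.

    Returns:
        The decoded JSON body of the ``fileCatalog`` response.

    Raises:
        requests.HTTPError: If the server answers with an error status.
    """
    launch = Launch()
    args = launch.get_args()
    b9serverurl, b9apitoken = launch.load_b9_config(args.configfile)
    authJson = {
        'X-Auth-Token': b9apitoken,
        'content-type': 'application/json'
    }
    serverurl = b9serverurl + "/api/bit9platform/v1/"
    # NOTE(review): certificate validation is off, so the X-Auth-Token header
    # is sent to a server whose identity is not checked. Kept as-is because
    # the config shown here carries no CA bundle setting; prefer pointing
    # ``verify`` at the server's CA certificate.
    b9StrongCert = False
    # The hash goes through ``params`` so requests percent-encodes it.
    # Concatenating it into the URL let characters such as "&" or "#" in the
    # value alter the query that is sent with the API token.
    # NOTE(review): encoding does not constrain the value to hex digits; if
    # the hash originates outside the tool, validate its format in the caller.
    r = requests.get(
        serverurl + "fileCatalog",
        params={"q": "md5:" + hashvalue},
        headers=authJson,
        verify=b9StrongCert)
    r.raise_for_status()
    return r.json()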
import semanticnet as sn from Launch.Launch import Launch from Carbonblack.GetProcessReport import GetProcessReport from Helpers.CreateTimeTable import CreateTimeTable from Helpers.CreateTimeNodes import CreateTimeNodes from Helpers.AddFileMods import AddFileMods from Helpers.AddRegistryMods import AddRegistryMods from Helpers.AddNetConns import AddNetConns from Helpers.AddFileModThreatIntel import AddFileModThreatIntel from Helpers.AddModulesLoaded import AddModulesLoaded from Helpers.AddModulesLoadedThreatIntel import AddModulesLoadedThreatIntel if __name__ == '__main__': graph = sn.Graph() graph.cache_nodes_by("label") launch = Launch() if len(sys.argv) == 1: launch.show_options() sys.exit() launch.show_logo() args = launch.get_args() #load CB API cb = launch.load_config_file(args.configfile) #Get process report for CB link report = GetProcessReport.Run(cb, args.link) #Create a timetable timetable, timelist = CreateTimeTable.Run(report) #Create time nodes to plot process activity on CreateTimeNodes.Run(graph, timelist) #Add modules loaded to time nodes