This page documents the public interfaces exposed by cbapi when communicating with a Carbon Black Cloud ThreatHunter server.
To use cbapi with Carbon Black ThreatHunter, you use CbThreatHunterAPI objects. These objects expose two main methods to access data on the ThreatHunter server: select
and create
.
cbapi.psc.threathunter.rest_api.CbThreatHunterAPI
The ThreatHunter API uses QueryBuilder instances to construct structured or unstructured (i.e., raw string) queries. You can either construct these instances manually, or allow CbThreatHunterAPI.select()
to do it for you:
cbapi.psc.threathunter.query.QueryBuilder
cbapi.psc.threathunter.query.Query
cbapi.psc.threathunter.models.AsyncProcessQuery
cbapi.psc.threathunter.query.FeedQuery
cbapi.psc.threathunter.query.ReportQuery
cbapi.psc.threathunter.query.WatchlistQuery
cbapi.psc.threathunter.models.Process
cbapi.psc.threathunter.models.Event
cbapi.psc.threathunter.models.Tree
cbapi.psc.threathunter.models.Feed
cbapi.psc.threathunter.models.Report
cbapi.psc.threathunter.models.IOC
cbapi.psc.threathunter.models.IOC_V2
cbapi.psc.threathunter.models.Watchlist
cbapi.psc.threathunter.models.ReportSeverity
cbapi.psc.threathunter.models.Binary
cbapi.psc.threathunter.models.Downloads