CB ThreatHunter API

This page documents the public interfaces exposed by cbapi when communicating with a Carbon Black Cloud ThreatHunter server.

Main Interface

To use cbapi with Carbon Black ThreatHunter, you use CbThreatHunterAPI objects. These objects expose two main methods to access data on the ThreatHunter server: select and create.

cbapi.psc.threathunter.rest_api.CbThreatHunterAPI

Queries

The ThreatHunter API uses QueryBuilder instances to construct structured or unstructured (i.e., raw string) queries. You can either construct these instances manually, or allow CbThreatHunterAPI.select() to do it for you:

cbapi.psc.threathunter.query.QueryBuilder

cbapi.psc.threathunter.query.Query

cbapi.psc.threathunter.models.AsyncProcessQuery

cbapi.psc.threathunter.query.FeedQuery

cbapi.psc.threathunter.query.ReportQuery

cbapi.psc.threathunter.query.WatchlistQuery

Models

cbapi.psc.threathunter.models.Process

cbapi.psc.threathunter.models.Event

cbapi.psc.threathunter.models.Tree

cbapi.psc.threathunter.models.Feed

cbapi.psc.threathunter.models.Report

cbapi.psc.threathunter.models.IOC

cbapi.psc.threathunter.models.IOC_V2

cbapi.psc.threathunter.models.Watchlist

cbapi.psc.threathunter.models.ReportSeverity

cbapi.psc.threathunter.models.Binary

cbapi.psc.threathunter.models.Downloads

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

threathunter-api.rst

threathunter-api.rst

CB ThreatHunter API

Main Interface

Queries

Models

Files

threathunter-api.rst

Latest commit

History

threathunter-api.rst

File metadata and controls

CB ThreatHunter API

Main Interface

Queries

Models