This page documents the public interfaces exposed by cbapi when communicating with a VMware Carbon Black Cloud Enterprise EDR server.
To use cbapi with Enterprise EDR, you use CbThreatHunterAPI objects. These objects expose two main methods to access data on the Enterprise EDR server: select
and create
.
cbapi.psc.threathunter.rest_api.CbThreatHunterAPI
The Enterprise EDR API uses QueryBuilder instances to construct structured or unstructured (i.e., raw string) queries. You can either construct these instances manually, or allow CbThreatHunterAPI.select()
to do it for you:
cbapi.psc.threathunter.query.QueryBuilder
cbapi.psc.threathunter.query.Query
cbapi.psc.threathunter.models.AsyncProcessQuery
cbapi.psc.threathunter.query.FeedQuery
cbapi.psc.threathunter.query.ReportQuery
cbapi.psc.threathunter.query.WatchlistQuery
cbapi.psc.threathunter.models.Process
cbapi.psc.threathunter.models.Event
cbapi.psc.threathunter.models.Tree
cbapi.psc.threathunter.models.Feed
cbapi.psc.threathunter.models.Report
cbapi.psc.threathunter.models.IOC
cbapi.psc.threathunter.models.IOC_V2
cbapi.psc.threathunter.models.Watchlist
cbapi.psc.threathunter.models.ReportSeverity
cbapi.psc.threathunter.models.Binary
cbapi.psc.threathunter.models.Downloads