add ban_hash.py example script

carbonblack · Sep 1, 2017 · a99c6ff · a99c6ff
1 parent 11e5fb9
commit a99c6ff
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -38,6 +38,7 @@ Changes for Cb Protection:
 Changes for Cb Response:
 
 * Added ``.webui_link`` property to Cb Response Query objects.
+* Added ``ban_hash.py`` example.
 
 Bug Fixes:
 

diff --git a/examples/response/ban_hash.py b/examples/response/ban_hash.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+import sys
+from cbapi.example_helpers import build_cli_parser, get_cb_response_object
+from cbapi.response import BannedHash
+
+
+def ban_hash(cb, args):
+    b = cb.create(BannedHash)
+    b.md5hash = args.hash
+    if args.description:
+        b.text = args.description
+    else:
+        b.text = "Banned via ban_hash.py example script"
+    b.enabled = True
+
+    try:
+        b.save()
+    except Exception as e:
+        print("Error banning hash {0}: {1}".format(args.hash, str(e)))
+    else:
+        print("Hash {0} successfully banned".format(args.hash))
+
+
+def main():
+    parser = build_cli_parser("Add an MD5 hash to the banned hash list in Cb Response")
+    parser.add_argument("-H", "--hash", help="MD5 hash of the file to ban in Cb Response", required=True)
+    parser.add_argument("-d", "--description", help="Description of why the hash is banned")
+
+    args = parser.parse_args()
+    cb = get_cb_response_object(args)
+
+    return ban_hash(cb, args)
+
+
+if __name__ == "__main__":
+    sys.exit(main())