A simple survey tool for Cb Response
keithmccammon Merge pull request #9 from redcanaryco/target-hostname
Add option to target a specific username
Latest commit e6f7afc Jan 12, 2018
Type Name Latest commit message Commit time
definitions Formatting changes, revert .gitignore Nov 5, 2017
.gitignore Formatting changes, revert .gitignore Nov 5, 2017
LICENSE.txt Create LICENSE.txt May 12, 2016
README.rst Typo. Jun 10, 2016
setup.py Change my email. Very important. Sep 6, 2016
surveyor.py Add option to target a specific username Jan 12, 2018




A Python utility that queries Carbon Black (Cb) Enterprise Response and summarizes results. This has many uses, but is used primarily to understand where certain applications or activities exist within an enterprise, who is using them and how.


Join the community and share updates to survey definition files by forking this repository and sending a Pull Request with any definition updates or new definitions you've found useful. We'll do our best to adjudicate any differences of opinion (sorry, you can't classify your coupon printer as wanted software 😄).


Clone the repository from GitHub and install:

git clone https://github.com/redcanaryco/cb-response-surveyor.git

cd cb-response-surveyor

python setup.py develop


Create and populate your cbapi credential file per the instructions found here: https://github.com/carbonblack/cbapi-python.
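The credential file holds a Cb Response API token, so it is worth checking before the first survey. The following is an added example, not part of surveyor or cbapi: it assumes cbapi's INI-style layout (one section per profile with `url`, `token` and `ssl_verify` keys), and the `audit_credentials` and `audit_sample` helpers plus all sample values are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample in the cbapi INI layout; hosts and tokens are placeholders.
SAMPLE = """\
[default]
url=https://cb.example.invalid
token=CONSTRUCTED-PLACEHOLDER-TOKEN
ssl_verify=True

[lab]
url=http://cb-lab.example.invalid
token=
ssl_verify=False
"""

def audit_credentials(path):
    """Return a list of findings for a cbapi-style credential file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} exposes the API token to group/other")
    # Interpolation is disabled so a '%' inside a token is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for profile in parser.sections():
        section = parser[profile]
        if not section.get("url", "").lower().startswith("https://"):
            findings.append(f"[{profile}] url is not https")
        if not section.get("token", "").strip():
            findings.append(f"[{profile}] token is missing")
        # Assumption of this example: an absent ssl_verify key means "verify".
        if not section.getboolean("ssl_verify", fallback=True):
            findings.append(f"[{profile}] ssl_verify is disabled")
    return findings

def audit_sample(text, mode):
    """Write text to a temp file with the given mode, audit it, clean up."""
    with tempfile.NamedTemporaryFile("w", delete=False) as handle:
        handle.write(text)
    try:
        os.chmod(handle.name, mode)
        return audit_credentials(handle.name)
    finally:
        os.unlink(handle.name)

if __name__ == "__main__":
    for finding in audit_sample(SAMPLE, 0o644):
        print(finding)
```

To check a real file, pass its path to `audit_credentials`, for example `~/.carbonblack/credentials.response` expanded with `os.path.expanduser`.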

Run using one of the test definitions:

./surveyor.py --deffile definitions/file-transfer.json

Then open and review the default output file (survey.csv).

You can also run using an entire directory of definition files in one shot:

./surveyor.py --defdir definitions

If you're looking for instances of something specific and a Cb query suits you best, you can do that too:

./surveyor.py --query 'process_name:explorer.exe username:joebob'