A Python utility that queries Carbon Black (Cb) Enterprise Response and summarizes results. This has many uses, but is used primarily to understand where certain applications or activities exist within an enterprise, who is using them and how.
Join the community and share updates to survey definition files by forking this
repository and sending a Pull Request with any definition updates or new
definitions you've found useful. We'll do our best to adjudicate any differences
in opinions (sorry, you can't classify your coupon printer as wanted software
Clone the repository from Github and install:
python setup.py develop
Create and populate your cbapi credential file per the instructions found here: https://github.com/carbonblack/cbapi-python.
Run using one of the test definitions:
./surveyor.py --deffile definitions/file-transfer.json
Then open and review the default output file (survey.csv).
You can also run using an entire directory of definition files in one shot:
./surveyor.py --defdir definitions
If you're looking for instances of something specific and a Cb query suits you best, you can do that too:
./surveyor.py --query 'process_name:explorer.exe username:joebob'