Carbon Black App Control (CB Protection) API
Main Interface
To use cbapi with Carbon Black App Control (CB Protection), you will be using the CbProtectionAPI. The CbProtectionAPI object then exposes two main methods to select data on the Carbon Black server:
- class cbapi.protection.rest_api.CbProtectionAPI(*args, **kwargs)
The main entry point into the Carbon Black App Control API.
- Parameters:
profile (str) – (optional) Use the credentials in the named profile when connecting to the Carbon Black server. Uses the profile named ‘default’ when not specified.
Usage:
>>> from cbapi import CbProtectionAPI >>> cb = CbProtectionAPI(profile="production")
Initialize the base API information.
- api_json_request(method, uri, **kwargs)
Submit a request to the server.
- Args:
method (str): HTTP method to use. uri (str): URI to submit the request to. **kwargs (dict): Additional arguments.
- Returns:
object: Result of the operation.
- Raises:
ServerError: If there’s an error output from the server.
- create(cls, data=None)
Create a new object.
- Args:
cls (class): The Model class (only some models can be created, for example, Feed, Notification, …) data (object): The data used to initialize the new object
- Returns:
Model: An empty instance of the model class.
- Raises:
ApiError: If the Model cannot be created.
- delete_object(uri)
Send a DELETE request to the specified URI.
- Args:
uri (str): The URI to send the DELETE request to.
- Returns:
object: The return data from the DELETE request.
- get_object(uri, query_parameters=None, default=None)
Submit a GET request to the server and parse the result as JSON before returning.
- Args:
uri (str): The URI to send the GET request to. query_parameters (object): Parameters for the query. default (object): What gets returned in the event of an empty response.
- Returns:
object: Result of the GET request.
- get_raw_data(uri, query_parameters=None, default=None, **kwargs)
Submit a GET request to the server and return the result without parsing it.
- Args:
uri (str): The URI to send the GET request to. query_parameters (object): Parameters for the query. default (object): What gets returned in the event of an empty response. **kwargs:
- Returns:
object: Result of the GET request.
- post_object(uri, body, **kwargs)
Send a POST request to the specified URI.
- Args:
uri (str): The URI to send the POST request to. body (object): The data to be sent in the body of the POST request. **kwargs:
- Returns:
object: The return data from the POST request.
- put_object(uri, body, **kwargs)
Send a PUT request to the specified URI.
- Args:
uri (str): The URI to send the PUT request to. body (object): The data to be sent in the body of the PUT request. **kwargs:
- Returns:
object: The return data from the PUT request.
- raise_unless_json(ret, expected)
Raise a ServerError unless we got back an HTTP 200 response with JSON containing all the expected values.
- Args:
ret (object): Return value to be checked. expected (dict): Expected keys and values that need to be found in the JSON response.
- Raises:
ServerError: If the HTTP response is anything but 200, or if the expected values are not found.
- select(cls, unique_id=None, *args, **kwargs)
Prepares a query against the Carbon Black data store.
- Parameters:
cls (class) – The Model class (for example, Computer, Process, Binary, FileInstance) to query
unique_id – (optional) The unique id of the object to retrieve, to retrieve a single object by ID
- Returns:
An instance of the Model class if a unique_id is provided, otherwise a Query object
- property url
Return the connection URL.
- Returns:
str: The connection URL.
Queries
- class cbapi.protection.rest_api.Query(doc_class, cb, query=None)
Represents a prepared query to the Carbon Black App Control server.
This object is returned as part of a
CbProtectionAPI.select()
operation on models requested from the Carbon Black App Control server. You should not have to create this class yourself.The query is not executed on the server until it’s accessed, either as an iterator (where it will generate values on demand as they’re requested) or as a list (where it will retrieve the entire result set and save to a list). You can also call the Python built-in
len()
on this object to retrieve the total number of items matching the query.The syntax for query :py:meth:where and :py:meth:sort methods can be found in the App Control REST API reference posted on the Carbon Black Developer Network website.
Examples:
>>> from cbapi.protection import CbProtectionAPI, Computer >>> cb = CbProtectionAPI() >>> query = cb.select(Computer) # returns a Query object matching all Computers >>> query = query.where("ipAddress:10.201.2.*") # add a filter to this Query >>> query = query.sort("processorSpeed DESC") # sort by computer processor speed, descending >>> for comp in query: # uses the iterator to retrieve all results >>> print(comp.name) >>> comps = query[:10] # retrieve the first ten results >>> len(query) # retrieve the total count
- Notes:
The slicing operator only supports start and end parameters, but not step.
[1:-1]
is legal, but[1:2:-1]
is not.You can chain where clauses together to create AND queries; only objects that match all
where
clauses will be returned.
- and_(q)
Add a filter to this query. Equivalent to calling
where()
on this object.- Parameters:
q (str) – Query string - see the App Control REST API reference.
- Returns:
Query object
- Return type:
- sort(new_sort)
Set the sort order for this query.
- Parameters:
new_sort (str) – Sort order - see the App Control REST API reference.
- Returns:
Query object
- Return type:
- where(q)
Add a filter to this query.
- Parameters:
q (str) – Query string - see the App Control REST API reference.
- Returns:
Query object
- Return type:
Models
- class cbapi.protection.models.ApprovalRequest(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- ResolutionApproved = 2
- ResolutionInstaller = 4
- ResolutionNotResolved = 0
- ResolutionOther = 7
- ResolutionPublisher = 6
- ResolutionRejected = 1
- ResolutionRuleChange = 3
- ResolutionUpdater = 5
- StatusClosed = 3
- StatusOpen = 2
- StatusSubmitted = 1
- property computer
- property fileCatalog
- property installerFileCatalog
- property processFileCatalog
- urlobject = '/api/bit9platform/v1/approvalRequest'
- class cbapi.protection.models.Certificate(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- StateApproved = 2
- StateBanned = 3
- StateMixed = 4
- StateUnapproved = 1
- property firstSeenComputer
- property parent
- property publisher
- urlobject = '/api/bit9platform/v1/certificate'
- class cbapi.protection.models.Computer(cb, model_unique_id, initial_data=None)
Represents a Computer object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- property fileInstances
- property policy
- resetCLIPassword()
- property templateComputer
- urlobject = '/api/bit9platform/v1/computer'
- class cbapi.protection.models.Connector(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a Connector object in the Carbon Black server.
- Variables:
id – Unique connector Id
name – Name of the connector. Note that only non-internal connectors can be renamed
analysisName – Name for analysis component of the connector (can be same as the name field)
connectorVersion – Version of this connector
canAnalyze – True if this connector can analyze files
enabled – True if connector is enabled
analysisEnabled – True if analysis component of this connector is enabled
isInternal – True if this is internal connector
analysisTargets – Array of possible analysis targets. Analysis targets are required when creating new fileAnalysis. They usualy represent different OS and configurations and are available only for some internal connectors.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- analysisEnabled = None
- analysisName = None
- analysisTargets = []
- canAnalyze = None
- connectorVersion = None
- enabled = None
- id = None
- isInternal = None
- name = None
- property pendingAnalyses
- urlobject = '/api/bit9platform/v1/connector'
- class cbapi.protection.models.DriftReport(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a DriftReport object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/driftReport'
- class cbapi.protection.models.DriftReportContents(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a DriftReportContents object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/driftReportContents'
- class cbapi.protection.models.EnforcementLevel
- LevelHigh = 20
- LevelLow = 40
- LevelMedium = 30
- LevelNone = 80
- class cbapi.protection.models.Event(cb, model_unique_id, initial_data=None)
Represents a Event object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- property fileCatalog
- urlobject = '/api/bit9platform/v1/event'
- class cbapi.protection.models.FileAnalysis(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- urlobject = '/api/bit9platform/v1/fileAnalysis'
- class cbapi.protection.models.FileCatalog(cb, model_unique_id, initial_data=None)
Represents a FileCatalog object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- property certificate
- property computer
- property fileHash
- property publisher
- urlobject = '/api/bit9platform/v1/fileCatalog'
- class cbapi.protection.models.FileInstance(cb, model_unique_id, initial_data=None)
Represents a FileInstance object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- property computer
- property fileCatalog
- urlobject = '/api/bit9platform/v1/fileInstance'
- class cbapi.protection.models.FileInstanceDeleted(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/fileInstanceDeleted'
- class cbapi.protection.models.FileInstanceGroup(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/fileInstanceGroup'
- class cbapi.protection.models.FileRule(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a FileRule object in the Carbon Black server.
- Variables:
id – Unique id of this fileRule
fileCatalogId – Id of fileCatalog entry associated with this fileRule. Can be null if file hasn’t been seen on any endpoints yet. This is foreign key and can be expanded to expose fields from the related fileCatalog object
name – Name of this rule.
description – Description of this rule.
fileState – File state for this rule. Can be one of: 1=Unapproved 2=Approved 3=Banned
sourceType – Mechanism that created this rule. Can be one of: 1 = Manual 2 = Trusted Directory 3 = Reputation 4 = Imported 5 = External (API) 6 = Event Rule 7 = Application Template 8 = Unified Management
sourceId – Id of source of this rule. Can be event rule id or trusted directory id
reportOnly – True if this has a report-only ban
reputationApprovalsEnabled – True if reputation approvals are enabled for this file
forceInstaller – True if this file is forced to act as installer, even if product detected it as ‘not installer’
forceNotInstaller – True if this file is forced to act as ‘not installer’, even if product detected it as installer
policyIds – List of IDs of policies where this rule applies. Value will be empty if this is a global rule
hash – Hash associated with this rule. Note that hash will be available only if rule was created through md5 or sha-1 hash. If rule was created through fileName, fileCatalogId or sha-256 hash that exists in the catalog, this field will be empty.
fileName – File name associated with this rule. Note that file name will be available only if rule was created through file name. If rule was created through fileCatalogId or hash, this field will be empty.
lazyApproval – This filed is valid only when creating approvals. When set to true, it will cause approval to be sent to agent only if file is marked as installer or if it blocked on any agent. This is useful when proactively creating lot of approvals that might or might not be required, since it is using less resources. Note that, as soone as lazy approval is sent to agents, this field will changed to ‘false’.
platformFlags – Set of platform flags where this file rule will be valid. combination of: 1 = Windows 2 = Mac 4 = Linux
dateCreated – Date/time when this rule was created (UTC)
createdBy – User that created this object
createdByUserId – Id of user that created this object
dateModified – Date/time when this object was last modified (UTC)
modifiedBy – User that last modified this object
modifiedByUserId – Id of user that last modified this object
clVersion – CL version associated with this file rule
idUnique – Unique GUID of this rule
origIdUnique – Unique GUID of the original rule
unifiedFlag – Local override flag for unified rule (0 - if rule is not unified, 1 - no override allowed, 3 - local override allowed)
unifiedSource – Unified server name that created this rule
fileRuleType – Text description of file rule type
version – Version of this file rule
visible – If rule should be visible in the UI or not
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- PlatformLinux = 4
- PlatformMac = 2
- PlatformWindows = 1
- SourceTypeApplicationTemplate = 7
- SourceTypeEventRule = 6
- SourceTypeExternal = 5
- SourceTypeImported = 4
- SourceTypeManual = 1
- SourceTypeReputation = 3
- SourceTypeTrustedDirectory = 2
- SourceTypeUnifiedManagement = 8
- StateApproved = 2
- StateBanned = 3
- StateUnapproved = 1
- clVersion = None
- createdBy = None
- property createdByUser
- createdByUserId = None
- dateCreated = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- dateModified = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- description = None
- property fileCatalog
- fileCatalogId = None
- fileName = None
- fileRuleType = None
- fileState = None
- forceInstaller = None
- forceNotInstaller = None
- hash = None
- id = None
- idUnique = None
- lazyApproval = None
- modifiedBy = None
- modifiedByUserId = None
- name = None
- origIdUnique = None
- platformFlags = None
- policyIds = None
- reportOnly = None
- reputationApprovalsEnabled = None
- sourceId = None
- sourceType = None
- unifiedFlag = None
- unifiedSource = None
- urlobject = '/api/bit9platform/v1/fileRule'
- version = None
- visible = None
- class cbapi.protection.models.FileUpload(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- property file
- urlobject = '/api/bit9platform/v1/fileUpload'
- class cbapi.protection.models.GrantedUserPolicyPermission(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a GrantedUserPolicyPermission object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/grantedUserPolicyPermission'
- class cbapi.protection.models.InternalEvent(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/internalEvent'
- class cbapi.protection.models.MeteredExecution(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/meteredExecution'
- class cbapi.protection.models.Notification(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a Notification object in the Carbon Black server.
- Variables:
connectorId – Id of connector object that sent the notification
time – Date/time of the notification (UTC)
analysisResult – Analysis result. Can be one of: 0 = Unknown, 1 = Not malicious, 2 = Potential risk, 3 = Malicious
fileAnalysisId – Id of fileAnalysis object associated with the notification. This should be available if notification came as a result of the file analysis
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- ResultClean = 1
- ResultMalicious = 3
- ResultNotAvailable = 0
- ResultPotentialThreat = 2
- analysisResult = None
- anomaly = None
- appliance = None
- connectorId = None
- destIp = None
- destUsername = None
- directories = []
- externalId = None
- externalUrl = None
- fileAnalysisId = None
- fileName = None
- files = []
- flags = None
- httpHeader = None
- malwareName = None
- malwareType = None
- md5 = None
- msgFormat = None
- product = None
- regKeys = []
- severity = None
- sha1 = None
- sha256 = None
- srcHost = None
- srcIp = None
- srcUsername = None
- status = None
- targetApp = None
- targetOS = None
- time = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- type = None
- urlobject = '/api/bit9platform/v1/notification'
- version = None
- class cbapi.protection.models.Notifier(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/notifier'
- class cbapi.protection.models.PendingAnalysis(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- ResultClean = 1
- ResultMalicious = 3
- ResultNotAvailable = 0
- ResultPotentialThreat = 2
- StatusAnalyzed = 3
- StatusCancelled = 5
- StatusError = 4
- StatusProcessed = 2
- StatusScheduled = 0
- StatusSubmitted = 1
- create_notification(**kwargs)
- property file
- property fileCatalog
- property fileHash
- urlobject = '/api/bit9platform/v1/pendingAnalysis'
- class cbapi.protection.models.Policy(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a Policy object in the Carbon Black server.
- Variables:
id – Unique id of this policy
name – Name of this policy.
description – Description of this policy.
packageName – Name of installer package for this policy
enforcementLevel – Target enforcement level. Can be one of: 20=High (Block Unapproved) 30=Medium (Prompt Unapproved) 40=Low (Monitor Unapproved) 60=None (Visibility) 80=None (Disabled)
disconnectedEnforcementLevel – Target enforcement level for disconnected computers. Can be one of: 20=High (Block Unapproved) 30=Medium (Prompt Unapproved) 40=Low (Monitor Unapproved) 60=None (Visibility) 80=None (Disabled)
helpDeskUrl – Helpdesk URL for notifiers in this policy
imageUrl – Image logo URL for notifiers in this policy
dateCreated – Date/time when this rule was created (UTC)
createdByUserId – Id of user that created this object
dateModified – Date/time when this object was last modified (UTC)
modifiedByUserId – Id of user that last modified this object
readOnly – True if this policy is read-only
hidden – True if this policy is hidden in the UI
automatic – True if AD mapping is enabled for this policy
loadAgentInSafeMode – True if agents in this policy will be loaded when machine is booted in ‘safe mode’
reputationEnabled – True if reputation approvals are enabled in this policy
fileTrackingEnabled – True if file tracking enabled in this policy
customLogo – True if notifiers in this policy use custom logo
automaticApprovalsOnTransition – True if agents in this policy will automatically locally approve files when transitioning into High Enforcement
allowAgentUpgrades – True if agents can be upgraded for this policy
totalComputers – Total number of computers in this policy
connectedComputers – Number of connected computers in this policy
atEnforcementComputers – Number of computers that are at target enforcement level in this policy
clVersionMax – Max target CL version for agents in this policy
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- allowAgentUpgrades = None
- atEnforcementComputers = None
- automatic = None
- automaticApprovalsOnTransition = None
- clVersionMax = None
- connectedComputers = None
- createdByUserId = None
- customLogo = None
- dateCreated = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- dateModified = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- description = None
- disconnectedEnforcementLevel = None
- enforcementLevel = None
- fileTrackingEnabled = None
- helpDeskUrl = None
- id = None
- imageUrl = None
- loadAgentInSafeMode = None
- modifiedByUserId = None
- name = None
- packageName = None
- readOnly = None
- reputationEnabled = None
- totalComputers = None
- urlobject = '/api/bit9platform/v1/policy'
- class cbapi.protection.models.Publisher(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- urlobject = '/api/bit9platform/v1/publisher'
- class cbapi.protection.models.PublisherCertificate(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a PublisherCertificate object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/publisherCertificate'
- class cbapi.protection.models.ScriptRule(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a ScriptRule object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/scriptRule'
- class cbapi.protection.models.ServerConfig(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/serverConfig'
- class cbapi.protection.models.ServerPerformance(cb, model_unique_id, initial_data=None)
Initialize the BaseModel object.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object. force_init (bool): True to force the object to be re-initialized from the server.
- urlobject = '/api/bit9platform/v1/serverPerformance'
- class cbapi.protection.models.TrustedDirectory(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a TrustedDirectory object in the Carbon Black server.
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- urlobject = '/api/bit9platform/v1/trustedDirectory'
- class cbapi.protection.models.TrustedUser(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a TrustedUser object in the Carbon Black server.
- Variables:
id – Unique id of this trustedUser
name – Name of the user as it will appear on the console. This is not the name that will be enforced on the endpoint
userSid – Id of the user that will be trusted on the endpoint. This field can be user name, user SID (Security identifier) on Windows platforms or user’s ID on Linux and Mac platforms
description – Description of this rule
platformId – Platform where this trustedUser will be valid. it is one of: 1 = Windows, 2 = Mac, 4 = Linux
dateCreated – Date/time when this object was created (UTC)
createdByUserId – Id of user that created this object. This is foreign key and can be expanded to expose fields from the related user object
createdBy – User that created this object
dateModified – Date/time when this object was last modified (UTC)
modifiedByUserId – Id of user that last modified this object. This is foreign key and can be expanded to expose fields from the related user object
modifiedBy – User that last modified this object
clVersion – CL version associated with this trustedUser
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- clVersion = None
- createdBy = None
- createdByUserId = None
- dateCreated = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- dateModified = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- description = None
- id = None
- modifiedBy = None
- modifiedByUserId = None
- name = None
- platformId = None
- urlobject = '/api/bit9platform/v1/trustedUser'
- userSid = None
- class cbapi.protection.models.Updater(cb, model_unique_id, initial_data=None)
Initialize the MutableModel.
- Args:
cb (BaseAPI): Reference to the CBAPI object. model_unique_id (object): Unique ID for the model object. initial_data (dict): Initial data for the model object.
- urlobject = '/api/bit9platform/v1/updater'
- class cbapi.protection.models.User(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a User object in the Carbon Black server.
- Variables:
id – Unique id of this user
name – Name of the user
userGroupIds – Comma-separated list of IDs of corresponding userGroup objects
eMailAddress – EMail address of this user
firstName – First name of this user
lastName – Last name of this user
title – Title of this user
salutation – Salutation of this user
department – Department this user belongs to
homePhone – User’s home phone
cellPhone – User’s cell phone
backupCellPhone – User’s secondary cell phone
pager – User’s pager number
backupPager – User’s secondary pager number
comments – Comments for this user
adminComments – Administrator’s comments for this user
registrationDate – Date this user was first registered (UTC)
readOnly – True if this user is one of internal users (System or Cb Collective Defense Cloud Service) or AD user. These users cannot be modified through the API
external – True if this is externally generated user (e.g. from AD)
automatic – True if this user’s roles are assigned automatically through mappings (valid only for external users)
unified – True if this user’s token is already connected to a remote unified environment (token should not be changed)
enabled – True if this user is enabled
passwordHash – Hash of user password
passwordSalt – Salt used to generate password hash
apiToken – API token for this user
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- adminComments = None
- apiToken = None
- automatic = None
- backupCellPhone = None
- backupPager = None
- cellPhone = None
- comments = None
- department = None
- eMailAddress = None
- enabled = None
- external = None
- firstName = None
- homePhone = None
- id = None
- lastName = None
- name = None
- pager = None
- passwordHash = None
- passwordSalt = None
- readOnly = None
- registrationDate = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- salutation = None
- title = None
- unified = None
- urlobject = '/api/bit9platform/v1/user'
- userGroupIds = None
- class cbapi.protection.models.UserGroup(cb, model_unique_id=None, initial_data=None, force_init=False, full_doc=False)
Represents a UserGroup object in the Carbon Black server.
- Variables:
id – Unique id of this user group
name – Name of the user group
description – Description of this user group
permissions – Permissions associated with users of this user group as a hexadecimal string. See https://developer.carbonblack.com/reference/enterprise-protection/8.0/rest-api/#usergroup for more information.
policyIds – List of IDs of policies where this user group applies. Value will be empty if this is a global user group
enabled – True if this userGroup is enabled
editable – True if this userGroup is editable
dateCreated – Date/time when this object was created (UTC)
createdByUserId – Id of user that created this object. This is foreign key and can be expanded to expose fields from the related user object
createdBy – User that created this object
dateModified – Date/time when this object was last modified (UTC)
modifiedByUserId – Id of user that last modified this object. This is foreign key and can be expanded to expose fields from the related user object
modifiedBy – User that last modified this object
automaticCount – Number of users that belong to this group and have been assigned through AD rule (doesn’t include internal users)
manualCount – Number of users that belong to this group and have been assigned manually (doesn’t include internal users)
Base model for :param cb: :param model_unique_id: :param initial_data: :param force_init: :param full_doc: :return:
- automaticCount = None
- createdBy = None
- createdByUserId = None
- dateCreated = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- dateModified = datetime.datetime(1970, 1, 1, 0, 0, tzinfo=tzlocal())
- description = None
- editable = None
- enabled = None
- id = None
- manualCount = None
- modifiedBy = None
- modifiedByUserId = None
- name = None
- permissions = None
- policyIds = None
- urlobject = '/api/bit9platform/v1/userGroup'