What is Surveyor?

A Python utility that queries Carbon Black (Cb) Response and summarizes results. This has many uses, but is used primarily to understand where certain applications or activities exist within an enterprise, who is using them and how.

The Cb Response user interface and REST API and built to provide direct access to the processes and events that match a query, best thought of as forensics and incident response use cases. In contrast, Surveyor is intended to provide high-level information about an environment, meeting use cases more closely aligned with proactive inventory and hunting.

Quick start

Prerequisites

  1. Python 2.6+ or 3.4+

Installation

git clone https://github.com/redcanaryco/cb-response-surveyor.git

cd cb-response-surveyor

python setup.py develop

Authentication

If you haven't already done so, create a cbapi credential file that will allow the Python API client to interact with the Cb Response server.

Generate your first survey

Using your terminal, and from within the cb-response-surveyor directory, execute the following command: 

python surveyor.py --deffile definitions/file-sharing-and-backup.json

If you see no errors, and the output looks similar to below, then look at survey.csv for results. And, you're done!

Learn more

Did this answer your question?