What is Surveyor?
Surveyor is a Python utility that queries Carbon Black (Cb) Response and summarizes the results. It has many uses, but is used primarily to understand where certain applications or activities exist within an enterprise, who is using them, and how.
The Cb Response user interface and REST API are built to provide direct access to the processes and events that match a query, which is best thought of as a forensics and incident response use case. In contrast, Surveyor is intended to provide high-level information about an environment, meeting use cases more closely aligned with proactive inventory and hunting.
Requirements:

- Python 2.6+ or 3.4+

Installation:

```
git clone https://github.com/redcanaryco/cb-response-surveyor.git
python setup.py develop
```
If you haven't already done so, create a cbapi credential file that will allow the Python API client to interact with the Cb Response server.
Generate your first survey
Using your terminal, and from within the cb-response-surveyor directory, execute the following command:
```
python surveyor.py --deffile definitions/file-sharing-and-backup.json
```
If you see no errors and the output looks similar to the example below, look at survey.csv for the results. You're done!
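To illustrate the difference between raw per-process results and the kind of inventory summary described above, here is an added example (not Surveyor's own code) that collapses Cb Response-style process records into one row per program; the record field names, the definitions mapping and the sample data are all constructed assumptions, not the project's actual schema.

```python
"""Summarize Cb Response-style process records into a per-program inventory."""
import csv
import io
from collections import defaultdict

# Constructed sample records standing in for process search results.
# Field names are assumptions chosen to resemble Cb Response process fields.
SAMPLE_PROCESSES = [
    {"hostname": "WS-01", "username": "alice", "process_name": "dropbox.exe", "start": "2019-03-01T09:12:00"},
    {"hostname": "WS-01", "username": "alice", "process_name": "dropbox.exe", "start": "2019-03-02T10:05:00"},
    {"hostname": "WS-02", "username": "bob", "process_name": "Dropbox.exe", "start": "2019-03-02T11:30:00"},
    {"hostname": "SRV-01", "username": "svc_backup", "process_name": "veeam.backup.exe", "start": "2019-03-01T02:00:00"},
    {"hostname": "WS-03", "username": "carol", "process_name": "googledrivesync.exe", "start": "2019-03-03T08:45:00"},
]

# Constructed definitions: program label -> process names. The real
# definitions/*.json schema is not shown on this page; this is an assumption.
DEFINITIONS = {
    "Dropbox": ["dropbox.exe"],
    "Google Drive": ["googledrivesync.exe"],
    "Veeam": ["veeam.backup.exe"],
}


def survey(processes, definitions):
    """Return {program: {hosts, users, first_seen, last_seen}} so that many
    process hits become a handful of inventory rows (who runs what, where)."""
    by_proc = {p.lower(): label for label, procs in definitions.items() for p in procs}
    rows = defaultdict(lambda: {"hosts": set(), "users": set(), "first": None, "last": None})
    for rec in processes:
        label = by_proc.get(rec["process_name"].lower())  # case-insensitive match
        if label is None:
            continue  # process not covered by any definition
        row = rows[label]
        row["hosts"].add(rec["hostname"])
        row["users"].add(rec["username"])
        # ISO-8601 timestamps compare correctly as strings
        row["first"] = min(filter(None, [row["first"], rec["start"]]))
        row["last"] = max(filter(None, [row["last"], rec["start"]]))
    return {label: {"hosts": len(r["hosts"]), "users": len(r["users"]),
                    "first_seen": r["first"], "last_seen": r["last"]}
            for label, r in rows.items()}


def to_csv(summary):
    """Render the summary as CSV text, one row per program, sorted by label."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["program", "hosts", "users", "first_seen", "last_seen"])
    for label in sorted(summary):
        s = summary[label]
        writer.writerow([label, s["hosts"], s["users"], s["first_seen"], s["last_seen"]])
    return buf.getvalue()
```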