AutoResponder

Carbon Black Response IR tool for hunting threats in an environment

AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response’s awesome capabilities and WITHOUT much bothering IT/System/Network Teams

What can it do?

Module	✔️ / ❌
Delete Files	✔️
Delete Registry Values	✔️
Delete Win32 Service Entries	✔️
Delete Scheduled Task Entries	✔️
Detailed Sensor List Export	✔️
Find Files	✔️
Find Registry Values	✔️
Download Files	✔️
Download A list of Win32 Service Entries	✔️
Download A list of Scheduled Task Entries	✔️
Download A list of WMI Entries	✔️
Isolate/Unisolate Sensors	✔️
Kill Running Processes	✔️
Restart Sensors	✔️
Restart Endpoints	✔️
Generate CSV reports	✔️
Delete WMI Entries	❌
Solve the whole case and generate a nice report so we can all have a cold beer	❌

Who is it for?

You are a	✔️ / ❌
Government agency	✔️
State agency	✔️
Bank	✔️
Public/Private Institution	✔️
Company that has Carbon Black Response installed in the environment as an EDR product	✔️
A company doing Incident Response	✔️
Startup? (Doubt it)	✔️
Person who has no idea what Carbon Black is	❌

How?

For those who aren’t familiar with Carbon Black Response, it is quite amazing product that delivers a solution to Incident Response cases in its own unique and awesome way. Carbon Black Response has a python API integration that helps people automate their tasks – saving a lot of time. So all you see in this project is just python API magic – nothing more, nothing less.

How can I use it?

The code is written in python3 so any version above 3.4 will do fine

Download the zip archive or do a git clone https://github.com/lawiet47/autoresponder.git
Install required modules with pip3 install -r requirements.txt
Configure Carbon Black API => https://cbapi.readthedocs.io/en/latest/
Kickass

Source: https://github.com/lawiet47/

Tags: autoresponder