autoresponder: Carbon Black Response IR tool
Carbon Black Response IR tool for hunting threats in an environment
AutoResponder is a tool that aims to help people carry out their Incident Response tasks WITH the help of Carbon Black Response’s awesome capabilities and WITHOUT bothering IT/System/Network teams much.
What can it do?
| Module | ✔️ / ❌ |
| --- | --- |
| Delete Registry Values | ✔️ |
| Delete Win32 Service Entries | ✔️ |
| Delete Scheduled Task Entries | ✔️ |
| Detailed Sensor List Export | ✔️ |
| Find Registry Values | ✔️ |
| Download A list of Win32 Service Entries | ✔️ |
| Download A list of Scheduled Task Entries | ✔️ |
| Download A list of WMI Entries | ✔️ |
| Kill Running Processes | ✔️ |
| Generate CSV reports | ✔️ |
| Delete WMI Entries | ❌ |
| Solve the whole case and generate a nice report so we can all have a cold beer | ❌ |
Who is it for?
| You are a | ✔️ / ❌ |
| --- | --- |
| Company that has Carbon Black Response installed in the environment as an EDR product | ✔️ |
| A company doing Incident Response | ✔️ |
| Startup? (Doubt it) | ✔️ |
| Person who has no idea what Carbon Black is | ❌ |
For those who aren’t familiar with Carbon Black Response, it is quite an amazing product that delivers a solution to Incident Response cases in its own unique and awesome way. Carbon Black Response has a Python API integration that helps people automate their tasks – saving a lot of time. So all you see in this project is just Python API magic – nothing more, nothing less.
How can I use it?
The code is written in Python 3, so any version above 3.4 will do fine.
- Download the zip archive or do a git clone https://github.com/lawiet47/autoresponder.git
- Install required modules with pip3 install -r requirements.txt
- Configure Carbon Black API => https://cbapi.readthedocs.io/en/latest/
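Because the modules above delete registry values and kill processes through the API, the token configured in the last step is worth a pre-flight check. The following is an added example, not part of AutoResponder or cbapi: it audits a cbapi-style credentials file (the INI layout with `url`, `token` and `ssl_verify` keys described in the cbapi documentation) for loose file permissions, a non-HTTPS URL, an empty token and disabled certificate verification. The function names, the example hostname and the sample file contents are constructed for illustration, and the permission check assumes a POSIX system.

```python
import configparser
import os
import stat
import tempfile

def audit_profile(path, profile="default"):
    """Return a list of findings for one profile of a cbapi credentials file."""
    findings = []
    # The API token can drive response actions, so only the owner should read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o is accessible to group/others" % mode)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    if not cfg.has_section(profile):
        return findings + ["profile [%s] not found" % profile]
    sec = cfg[profile]
    if not sec.get("url", "").lower().startswith("https://"):
        findings.append("url is missing or not https")
    if not sec.get("token", "").strip():
        findings.append("token is empty")
    # Flag an explicit opt-out of TLS certificate verification.
    if sec.get("ssl_verify", "true").strip().lower() in ("false", "0", "no", "off"):
        findings.append("ssl_verify is disabled")
    return findings

def demo():
    """Audit two constructed credential files and return their findings."""
    weak = "[default]\nurl=http://cbr.example.internal\ntoken=\nssl_verify=False\n"
    good = ("[default]\nurl=https://cbr.example.internal\n"
            "token=CONSTRUCTED_PLACEHOLDER\nssl_verify=True\n")
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("weak", weak, 0o644), ("good", good, 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write(body)
            os.chmod(p, mode)
            results.append(audit_profile(p))
    return results

if __name__ == "__main__":
    for findings in demo():
        print(findings or "OK")
```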
Copyright (C) 2019 lawiet47