autoresponder: Carbon Black Response IR tool
AutoResponder
Carbon Black Response IR tool for hunting threats in an environment
AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response’s awesome capabilities and WITHOUT much bothering IT/System/Network Teams
What can it do?
| Module | ✔️ / ❌ |
|---|---|
| Delete Files | ✔️ |
| Delete Registry Values | ✔️ |
| Delete Win32 Service Entries | ✔️ |
| Delete Scheduled Task Entries | ✔️ |
| Detailed Sensor List Export | ✔️ |
| Find Files | ✔️ |
| Find Registry Values | ✔️ |
| Download Files | ✔️ |
| Download A list of Win32 Service Entries | ✔️ |
| Download A list of Scheduled Task Entries | ✔️ |
| Download A list of WMI Entries | ✔️ |
| Isolate/Unisolate Sensors | ✔️ |
| Kill Running Processes | ✔️ |
| Restart Sensors | ✔️ |
| Restart Endpoints | ✔️ |
| Generate CSV reports | ✔️ |
| Delete WMI Entries | ❌ |
| Solve the whole case and generate a nice report so we can all have a cold beer | ❌ |
Who is it for?
| You are a | ✔️ / ❌ |
|---|---|
| Government agency | ✔️ |
| State agency | ✔️ |
| Bank | ✔️ |
| Public/Private Institution | ✔️ |
| Company that has Carbon Black Response installed in the environment as an EDR product | ✔️ |
| A company doing Incident Response | ✔️ |
| Startup? (Doubt it) | ✔️ |
| Person who has no idea what Carbon Black is | ❌ |
How?
For those who aren’t familiar with Carbon Black Response, it is quite amazing product that delivers a solution to Incident Response cases in its own unique and awesome way. Carbon Black Response has a python API integration that helps people automate their tasks – saving a lot of time. So all you see in this project is just python API magic – nothing more, nothing less.
How can I use it?
The code is written in python3 so any version above 3.4 will do fine
- Download the zip archive or do a git clone https://github.com/lawiet47/autoresponder.git
- Install required modules with pip3 install -r requirements.txt
- Configure Carbon Black API => https://cbapi.readthedocs.io/en/latest/
- Kickass
Copyright (C) 2019 lawiet47
Source: https://github.com/lawiet47/
