Carbon Black Response

Carbon Black Response is a highly scalable, real-time EDR with unparalleled visibility for top security operations centers and incident response teams.

Integration with LogicHub

Connecting with CB Response

To connect to CB Response, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Host: Hostname of the CB Response instance.
  • API Token: API Token for your CB Response instance.

Actions with CB Response

Retrieve Binary

Returns the binary for the provided MD5 hash.

Inputs to this Action

  • Hash: MD5 hash of the binary.

Output of Action
JSON object containing the file ID of the binary downloaded to the LogicHub instance.

Get Watchlists

Returns all watchlists with details.

Inputs to this Action
No specific input.

Output of Action
Uncorrelated rows containing each watchlist with details per row.

Create Watchlist

Create a new watchlist in CB Response.

Inputs to this Action

  • Name: Name of the newly created watchlist.
  • Search Query: Raw query that this watchlist should match.
  • Watchlist Index Type: 'modules' and 'events' for binary and process watchlists, respectively.

Output of Action
JSON object containing results of action.
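An added example (not LogicHub's or Carbon Black's own code) showing how the Create Watchlist inputs above and the Retrieve Binary hash input are validated and turned into a request. It assumes the CB Response v1 REST API (`/api/v1/watchlist`, `X-Auth-Token` header, query stored as a URL-encoded `q=` string) and uses constructed placeholder connection values.

```python
import json
import re
import urllib.parse
import urllib.request

# Constructed placeholders for the Host and API Token connection inputs.
CB_HOST = "cbresponse.example.internal"
CB_API_TOKEN = "REPLACE_WITH_API_TOKEN"

# Watchlist Index Type: 'modules' (binary) or 'events' (process).
VALID_INDEX_TYPES = {"modules", "events"}
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def build_watchlist_payload(name, search_query, index_type):
    """Validate the three Create Watchlist inputs and build the JSON body.

    Assumption: the v1 API stores the raw query as a URL-encoded 'q=' string
    and accepts only 'modules' or 'events' as index_type."""
    if not name.strip():
        raise ValueError("watchlist name must not be empty")
    if not search_query.strip():
        raise ValueError("search query must not be empty")
    if index_type not in VALID_INDEX_TYPES:
        raise ValueError(f"index_type must be one of {sorted(VALID_INDEX_TYPES)}")
    return {
        "name": name.strip(),
        "index_type": index_type,
        "search_query": "q=" + urllib.parse.quote(search_query.strip(), safe=""),
    }


def validate_md5(hash_value):
    """Retrieve Binary takes an MD5: reject anything that is not 32 hex chars
    so a malformed value never reaches the binary endpoint."""
    if not MD5_RE.match(hash_value):
        raise ValueError("expected a 32-character hexadecimal MD5 hash")
    return hash_value.lower()


def create_watchlist(host, token, name, search_query, index_type):
    """POST the validated payload to the assumed /api/v1/watchlist endpoint."""
    body = json.dumps(build_watchlist_payload(name, search_query, index_type)).encode()
    req = urllib.request.Request(
        f"https://{host}/api/v1/watchlist",
        data=body,
        method="POST",
        headers={"X-Auth-Token": token, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:  # returns the action's JSON
        return json.load(resp)
```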

Update/Set Watchlist

Updates a watchlist in CB Response.

Inputs to this Action

  • Watchlist ID: ID of the watchlist to update.
  • Name (Optional): New name for the watchlist.
  • Search Query (Optional): An updated raw query that this watchlist should match.
  • Watchlist Index Type: 'modules' and 'events' for binary and process watchlists, respectively.

Output of Action
JSON object containing results of action.

Delete Watchlist

Delete a Watchlist from CB Response.

Inputs to this Action

  • Watchlist ID: ID of the watchlist to delete.

Output of Action
JSON object containing results of action.

Get Sensors

Returns all registered sensors with details.

Inputs to this Action
No specific input.

Output of Action
Uncorrelated rows containing each sensor with details per row.

Search Sensors

Returns all sensors matching the search-filter criteria with details.

Inputs to this Action

  • Search Filter: JSON search-query to filter sensors.

Output of Action
Rows containing each sensor that satisfies the filter criteria, with details per row.
