├── server_apis
└── python
│ ├── requirements.txt
│ ├── example
│ ├── bulk
│ │ ├── logs
│ │ │ └── 2013-02-08_17-12-24-277.log
│ │ ├── README.md
│ │ └── lib
│ │ │ └── eventHelpers.py
│ └── subscribe_all.py
│ └── LICENSE
├── client_apis
├── docs
│ └── query_overview.pdf
├── elixir
│ └── README.md
└── csharp
│ ├── src
│ ├── Bit9CarbonBlack.CarbonBlack.Client.snk
│ ├── Bit9CarbonBlack.CarbonBlack.Client.v12.suo
│ ├── Tests
│ │ └── Bit9CarbonBlack.CarbonBlack.Client.Tests
│ │ │ ├── Properties
│ │ │ └── AssemblyInfo.cs
│ │ │ ├── packages.config
│ │ │ ├── app.config
│ │ │ ├── SolrExtensionsTest.cs
│ │ │ ├── Bit9CarbonBlack.CarbonBlack.Client.Tests.csproj
│ │ │ └── CbClientTest.cs
│ ├── Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample
│ │ ├── Properties
│ │ │ └── AssemblyInfo.cs
│ │ ├── App.config
│ │ ├── Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample.csproj
│ │ └── Program.cs
│ ├── Bit9CarbonBlack.CarbonBlack.Client
│ │ ├── packages.config
│ │ ├── app.config
│ │ ├── Properties
│ │ │ └── AssemblyInfo.cs
│ │ ├── Bit9CarbonBlack.CarbonBlack.Client.nuspec
│ │ ├── HttpClientMessageHandler.cs
│ │ ├── CbClientResult.cs
│ │ ├── SolrExtensions.cs
│ │ ├── Bit9CarbonBlack.CarbonBlack.Client.csproj
│ │ └── ICbClient.cs
│ ├── CommonAssemblyInfo.cs
│ └── Bit9CarbonBlack.CarbonBlack.Client.sln
│ ├── example
│ ├── Bit9CarbonBlack.Example.FileSystemViewer
│ │ ├── Bit9CarbonBlack.Example.FileSystemViewer
│ │ │ ├── obj
│ │ │ │ └── Debug
│ │ │ │ │ ├── TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs
│ │ │ │ │ ├── TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs
│ │ │ │ │ ├── TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs
│ │ │ │ │ ├── MainWindow.baml
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.lref
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.exe
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.pdb
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.g.resources
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.Properties.Resources.resources
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.csproj.GenerateResource.Cache
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.cache
│ │ │ │ │ ├── App.g.cs
│ │ │ │ │ ├── App.g.i.cs
│ │ │ │ │ ├── GeneratedInternalTypeHelper.g.cs
│ │ │ │ │ ├── GeneratedInternalTypeHelper.g.i.cs
│ │ │ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.csproj.FileListAbsolute.txt
│ │ │ │ │ ├── MainWindow.g.cs
│ │ │ │ │ └── MainWindow.g.i.cs
│ │ │ ├── app.config
│ │ │ ├── Model
│ │ │ │ ├── PathComponent.cs
│ │ │ │ ├── Hostname.cs
│ │ │ │ ├── FileItemAction.cs
│ │ │ │ ├── FilePathItemDetails.cs
│ │ │ │ ├── FilePathFolder.cs
│ │ │ │ ├── FilePathItem.cs
│ │ │ │ └── ObservableFileSystem.cs
│ │ │ ├── Properties
│ │ │ │ ├── Settings.settings
│ │ │ │ ├── Settings.Designer.cs
│ │ │ │ ├── AssemblyInfo.cs
│ │ │ │ ├── Resources.Designer.cs
│ │ │ │ └── Resources.resx
│ │ │ ├── packages.config
│ │ │ ├── App.xaml
│ │ │ ├── App.xaml.cs
│ │ │ ├── MainWindow.xaml
│ │ │ ├── MainWindow.xaml.cs
│ │ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.csproj
│ │ │ └── Client
│ │ │ │ └── CarbonBlack.cs
│ │ ├── Bit9CarbonBlack.Example.FileSystemViewer.v12.suo
│ │ └── Bit9CarbonBlack.Example.FileSystemViewer.sln
│ ├── NuGet.Config
│ └── packages
│ │ ├── Newtonsoft.Json.6.0.7
│ │ ├── Newtonsoft.Json.6.0.7.nupkg
│ │ ├── lib
│ │ │ ├── net20
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net35
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net40
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── netcore45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── portable-net40+sl5+wp80+win8+wpa81
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ └── portable-net45+wp80+win8+wpa81+aspnetcore50
│ │ │ │ └── Newtonsoft.Json.dll
│ │ └── tools
│ │ │ └── install.ps1
│ │ ├── repositories.config
│ │ └── Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044
│ │ ├── lib
│ │ └── net45
│ │ │ └── Bit9CarbonBlack.CarbonBlack.Client.dll
│ │ └── Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044.nupkg
│ ├── packages
│ ├── RhinoMocks.3.6.1
│ │ ├── RhinoMocks.3.6.1.nupkg
│ │ └── lib
│ │ │ └── net
│ │ │ └── Rhino.Mocks.dll
│ ├── Newtonsoft.Json.6.0.6
│ │ ├── Newtonsoft.Json.6.0.6.nupkg
│ │ ├── lib
│ │ │ ├── net20
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net35
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net40
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── netcore45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── portable-net40+sl5+wp80+win8+wpa81
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ └── portable-net45+wp80+win8+wpa81+aspnetcore50
│ │ │ │ └── Newtonsoft.Json.dll
│ │ └── tools
│ │ │ └── install.ps1
│ ├── Newtonsoft.Json.6.0.7
│ │ ├── Newtonsoft.Json.6.0.7.nupkg
│ │ ├── lib
│ │ │ ├── net20
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net35
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net40
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── net45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── netcore45
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ ├── portable-net40+sl5+wp80+win8+wpa81
│ │ │ │ └── Newtonsoft.Json.dll
│ │ │ └── portable-net45+wp80+win8+wpa81+aspnetcore50
│ │ │ │ └── Newtonsoft.Json.dll
│ │ └── tools
│ │ │ └── install.ps1
│ ├── VisualStudioTestingExtensions.1.2.0.0
│ │ ├── VisualStudioTestingExtensions.1.2.0.0.nupkg
│ │ └── lib
│ │ │ ├── net20
│ │ │ ├── SoftwareApproach.TestingExtensions.dll
│ │ │ └── SoftwareApproach.TestingExtensions.pdb
│ │ │ └── net40
│ │ │ ├── SoftwareApproach.TestingExtensions.dll
│ │ │ └── SoftwareApproach.TestingExtensions.pdb
│ └── repositories.config
│ ├── NuGet.Config
│ ├── nupkg
│ ├── Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.nupkg
│ ├── Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.nupkg
│ ├── Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.symbols.nupkg
│ └── Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.symbols.nupkg
│ └── README.md
├── .gitmodules
├── .gitignore
├── README.md
├── sensor_apis
├── LICENSE
└── README.md
└── LICENSE.md
/server_apis/python/requirements.txt:
--------------------------------------------------------------------------------
1 | requests>=2.3
2 | simplejson>=3.5
3 | pika>=0.9
4 | protobuf>=2.5
5 |
--------------------------------------------------------------------------------
/client_apis/docs/query_overview.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/docs/query_overview.pdf
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "client_apis/python"]
2 | path = client_apis/python
3 | url = https://github.com/carbonblack/cbapi-python
4 |
--------------------------------------------------------------------------------
/client_apis/elixir/README.md:
--------------------------------------------------------------------------------
1 | The Elixir Client APIs are available directly from redver's repository here:
2 | https://github.com/redvers/cbclientapi
3 |
4 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.snk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.snk
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.v12.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.v12.suo
--------------------------------------------------------------------------------
/server_apis/python/example/bulk/logs/2013-02-08_17-12-24-277.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/server_apis/python/example/bulk/logs/2013-02-08_17-12-24-277.log
--------------------------------------------------------------------------------
/client_apis/csharp/packages/RhinoMocks.3.6.1/RhinoMocks.3.6.1.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/RhinoMocks.3.6.1/RhinoMocks.3.6.1.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/packages/RhinoMocks.3.6.1/lib/net/Rhino.Mocks.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/RhinoMocks.3.6.1/lib/net/Rhino.Mocks.dll
--------------------------------------------------------------------------------
/client_apis/csharp/NuGet.Config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/NuGet.Config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/Newtonsoft.Json.6.0.6.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/Newtonsoft.Json.6.0.6.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/Newtonsoft.Json.6.0.7.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/Newtonsoft.Json.6.0.7.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net20/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net20/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net35/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net35/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net40/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net40/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/net45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net20/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net20/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net35/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net35/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net40/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net40/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/net45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/netcore45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/netcore45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/netcore45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/netcore45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/Newtonsoft.Json.6.0.7.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/Newtonsoft.Json.6.0.7.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net20/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net20/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net35/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net35/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net40/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net40/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/net45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.symbols.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.0.5435.29091.symbols.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.symbols.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/nupkg/Bit9CarbonBlack.CarbonBlack.Client.1.1.5436.29462.symbols.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/netcore45/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/netcore45/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 |
3 | [assembly: AssemblyTitle("Bit9CarbonBlack.CarbonBlack.Client.Tests")]
4 | [assembly: AssemblyDescription("")]
5 |
6 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/repositories.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 |
3 | [assembly: AssemblyTitle("Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample")]
4 | [assembly: AssemblyDescription("")]
5 |
6 |
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/VisualStudioTestingExtensions.1.2.0.0.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/VisualStudioTestingExtensions.1.2.0.0.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer.v12.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer.v12.suo
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net20/SoftwareApproach.TestingExtensions.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net20/SoftwareApproach.TestingExtensions.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net20/SoftwareApproach.TestingExtensions.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net20/SoftwareApproach.TestingExtensions.pdb
--------------------------------------------------------------------------------
/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net40/SoftwareApproach.TestingExtensions.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net40/SoftwareApproach.TestingExtensions.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net40/SoftwareApproach.TestingExtensions.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/VisualStudioTestingExtensions.1.2.0.0/lib/net40/SoftwareApproach.TestingExtensions.pdb
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/lib/portable-net45+wp80+win8+wpa81+aspnetcore50/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/client_apis/csharp/packages/repositories.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/PathComponent.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
3 | {
4 | public abstract class PathComponent
5 | {
6 | public virtual string Name { get; set; }
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/MainWindow.baml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/MainWindow.baml
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044/lib/net45/Bit9CarbonBlack.CarbonBlack.Client.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044/lib/net45/Bit9CarbonBlack.CarbonBlack.Client.dll
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/packages/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044/Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044.nupkg
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.lref:
--------------------------------------------------------------------------------
1 |
2 |
3 | FC:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\MainWindow.xaml;;
4 |
5 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/Hostname.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
3 | {
4 | public class Hostname
5 | {
6 | public string Name { get; set; }
7 |
8 | public int SensorId { get; set; }
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.exe
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.pdb
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/FileItemAction.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
3 | {
4 | public enum FileItemAction
5 | {
6 | Created = 1,
7 | Deleted = 4,
8 | FirstWrite = 2,
9 | LastWrite = 8
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/FilePathItemDetails.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
3 | {
4 | public class FilePathItemDetails
5 | {
6 | public FileItemAction Action { get; set; }
7 |
8 | public string TimeStamp { get; set; }
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.g.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.g.resources
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.Properties.Resources.resources
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.csproj.GenerateResource.Cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-archive/cbapi/HEAD/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.csproj.GenerateResource.Cache
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/App.xaml:
--------------------------------------------------------------------------------
1 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/App.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Configuration;
4 | using System.Data;
5 | using System.Linq;
6 | using System.Windows;
7 |
8 | namespace Bit9CarbonBlack.Example.FileSystemViewer
9 | {
10 | ///
11 | /// Interaction logic for App.xaml
12 | ///
13 | public partial class App : Application
14 | {
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/FilePathFolder.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.ObjectModel;
2 |
3 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
4 | {
5 | public class FilePathFolder : PathComponent
6 | {
7 | public FilePathFolder()
8 | {
9 | this.Children = new ObservableCollection();
10 | }
11 |
12 | public ObservableCollection Children { get; set; }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.py[cod]
2 |
3 | # C extensions
4 | *.so
5 |
6 | # Packages
7 | *.egg
8 | *.egg-info
9 | dist
10 | build
11 | eggs
12 | parts
13 | bin
14 | var
15 | sdist
16 | develop-eggs
17 | .installed.cfg
18 | lib
19 | lib64
20 |
21 | # Installer logs
22 | pip-log.txt
23 |
24 | # Unit test / coverage reports
25 | .coverage
26 | .tox
27 | nosetests.xml
28 |
29 | # Translations
30 | *.mo
31 |
32 | # Mr Developer
33 | .mr.developer.cfg
34 | .project
35 | .pydevproject
36 |
37 | # IDE exclusions
38 | .idea
39 |
40 | # Mac OS X
41 | .DS_Store
42 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/FilePathItem.cs:
--------------------------------------------------------------------------------
1 |
2 | using System.Collections.ObjectModel;
3 |
4 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
5 | {
6 | public class FilePathItem : PathComponent
7 | {
8 | public FilePathItem()
9 | {
10 | this.Details = new ObservableCollection();
11 | }
12 |
13 | public ObservableCollection Details { get; set; }
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/CommonAssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Reflection;
3 | using System.Runtime.InteropServices;
4 |
5 | [assembly: AssemblyConfiguration("")]
6 | [assembly: AssemblyCompany("Bit9+CarbonBlack")]
7 | [assembly: AssemblyProduct("Bit9CarbonBlack.CarbonBlack.Client")]
8 | [assembly: AssemblyCopyright("Copyright © Bit9+CarbonBlack 2014")]
9 | [assembly: AssemblyTrademark("")]
10 | [assembly: AssemblyCulture("")]
11 |
12 | [assembly: ComVisible(false)]
13 | [assembly: CLSCompliant(true)]
14 |
15 | [assembly: AssemblyVersion("1.1.*")]
16 | [assembly: AssemblyFileVersion("1.1.0.0")]
17 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 |
4 | [assembly: AssemblyTitle("Bit9CarbonBlack.CarbonBlack.Client")]
5 | [assembly: AssemblyDescription("CarbonBlack API .NET Client")]
6 |
7 | [assembly: InternalsVisibleTo("Bit9CarbonBlack.CarbonBlack.Client.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100bdd57a854e53971a154b25f1e04e7d7df2fa2017dc2df865c73e9aa21e9e640eae9f4cde69d04f66ed6e3d23c1a378b35450884084390e998e79b332eb243487bf1e8dac3c99635bd0eca39fe2284e1abdbe34d658c7927f30803372e590fc17779d8450cb674dab1974de6c75a4a1e005af21bab3bbd6300bd8733bc413bca3")]
8 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.cache:
--------------------------------------------------------------------------------
1 | Bit9CarbonBlack.Example.FileSystemViewer
2 |
3 |
4 | winexe
5 | C#
6 | .cs
7 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\
8 | Bit9CarbonBlack.Example.FileSystemViewer
9 | none
10 | false
11 | DEBUG;TRACE
12 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\App.xaml
13 | 11151548125
14 |
15 | 13-1192795665
16 | 15-2138446798
17 | MainWindow.xaml;
18 |
19 | False
20 |
21 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Carbon Black API
2 |
3 | ## Resources
4 |
5 | * Developer Network website: https://developer.carbonblack.com - contains reference documentation, video tutorials, and how-to guides on how to integrate with Carbon Black products
6 | * CbAPI Python module: https://cbapi.readthedocs.io - our Python module that makes interfacing with the Carbon Black APIs easy. Check it out if you're using Python to interface with Cb products.
7 | * CbAPI Python module source code: https://github.com/carbonblack/cbapi-python - the source code to the CbAPI Python module, including example scripts
8 |
9 | ## Support
10 |
11 | If you have questions on the Carbon Black API or these API Bindings, please contact us at dev-support@carbonblack.com
12 |
13 | ## License
14 |
15 | Use of the Carbon Black API is governed by the license found in LICENSE.md.
16 |
--------------------------------------------------------------------------------
/client_apis/csharp/README.md:
--------------------------------------------------------------------------------
1 | ### C# Client for Carbon Black Enterprise Server API ###
2 | http://carbonblack.com
3 |
4 | Requires .NET 4.5
5 |
6 | Example code in Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample application
7 |
8 | ```C#
9 | using Bit9CarbonBlack.CarbonBlack.Client;
10 | ...
11 | ...
12 | using (var client = new CbClient("https://my.carbonblack.server", "my_api_token"))
13 | {
14 | // get metadata for all svchost.exe
15 | var procsResponse = await client.HttpGetAsDynamicAsync("/api/v1/process?q=process_name:svchost.exe");
16 | if (procsResponse.StatusCode == HttpStatusCode.OK)
17 | {
18 | foreach (var proc in procsResponse.Response.results)
19 | {
20 | Console.WriteLine("Hostname: {0}, MD5: {1}", proc.hostname, proc.process_md5);
21 | }
22 | }
23 | }
24 | ```
25 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/Bit9CarbonBlack.CarbonBlack.Client.nuspec:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $id$
5 | $version$
6 | $title$
7 | $author$
8 | $author$
9 | https://github.com/carbonblack/cbapi
10 | https://www.bit9.com/wp-content/themes/bit92014/images/bit9-plus-carbon-black-tagline.png
11 | false
12 | $description$
13 | Initial release of CarbonBlack API .NET Client
14 | Copyright 2014
15 | CarbonBlack Bit9 Security
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/sensor_apis/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015 Bit9+Carbon Black
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/server_apis/python/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015 Bit9+Carbon Black
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
6 | this software and associated documentation files (the "Software"), to deal in
7 | the Software without restriction, including without limitation the rights to
8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | # License
2 |
3 | ```
4 | The MIT License (MIT)
5 |
6 | Copyright (c) 2016-2018 Carbon Black
7 |
8 | Permission is hereby granted, free of charge, to any person obtaining a copy of
9 | this software and associated documentation files (the "Software"), to deal in
10 | the Software without restriction, including without limitation the rights to
11 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
12 | the Software, and to permit persons to whom the Software is furnished to do so,
13 | subject to the following conditions:
14 |
15 | The above copyright notice and this permission notice shall be included in all
16 | copies or substantial portions of the Software.
17 |
18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
20 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
21 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
22 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
23 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
24 | ```
25 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.30501.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bit9CarbonBlack.Example.FileSystemViewer", "Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer.csproj", "{4E82255E-FF6B-4F12-88E8-456ECE798591}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {4E82255E-FF6B-4F12-88E8-456ECE798591}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {4E82255E-FF6B-4F12-88E8-456ECE798591}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {4E82255E-FF6B-4F12-88E8-456ECE798591}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {4E82255E-FF6B-4F12-88E8-456ECE798591}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.34014
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Properties {
12 |
13 |
14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "12.0.0.0")]
16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
17 |
18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
19 |
20 | public static Settings Default {
21 | get {
22 | return defaultInstance;
23 | }
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/HttpClientMessageHandler.cs:
--------------------------------------------------------------------------------
1 | using System.Net.Http;
2 |
3 | namespace Bit9CarbonBlack.CarbonBlack.Client
4 | {
5 | ///
6 | /// Contains builder methods for generating a type of for using with the class.
7 | ///
8 | public static class HttpClientMessageHandler
9 | {
10 | ///
11 | /// Generates a default handler.
12 | ///
13 | /// An .
14 | public static HttpMessageHandler DefaultHandler()
15 | {
16 | return new HttpClientHandler();
17 | }
18 |
19 | ///
20 | /// Generates a handler that ignores SSL validation.
21 | /// This handler will always validate an SSL server certificate.
22 | ///
23 | /// A that ignores certificate validation.
24 | public static HttpMessageHandler SslIgnoreHandler()
25 | {
26 | return new WebRequestHandler()
27 | {
28 | ServerCertificateValidationCallback = (sender, cert, chain, errors) => { return true; }
29 | };
30 | }
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/CbClientResult.cs:
--------------------------------------------------------------------------------
1 | using System.Net;
2 |
3 | namespace Bit9CarbonBlack.CarbonBlack.Client
4 | {
5 | ///
6 | /// Represents a operation response.
7 | ///
8 | /// The type for the value.
9 | public class CbClientResult where T: class
10 | {
11 | private readonly HttpStatusCode statusCode;
12 | private readonly T response;
13 |
14 | ///
15 | /// Creates a new instance of .
16 | ///
17 | /// The associated with the response.
18 | /// The contents of the response.
19 | public CbClientResult(HttpStatusCode statusCode, T response)
20 | {
21 | this.statusCode = statusCode;
22 | this.response = response;
23 | }
24 |
25 | ///
26 | /// The associated with the response.
27 | ///
28 | public HttpStatusCode StatusCode { get { return this.statusCode; } }
29 |
30 | ///
31 | /// The contents of the response.
32 | ///
33 | public T Response { get { return this.response; } }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/SolrExtensions.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Globalization;
3 |
4 | namespace Bit9CarbonBlack.CarbonBlack.Client
5 | {
6 | ///
7 | /// Extension methods for SOLR interactions.
8 | ///
9 | public static class SolrExtensions
10 | {
11 | ///
12 | /// Converts a to a SOLR compatible datetime string, optionally converting to UTC.
13 | ///
14 | /// The to convert from.
15 | /// true to perform UTC conversion; otherwise, false (the default).
16 | /// A string representation of the SOLR datetime.
17 | public static string ConvertToSolrDateTime(this DateTime source, bool performUTCConversion = false)
18 | {
19 | return (performUTCConversion ? source.ToUniversalTime() : source).ToString("yyyy-MM-ddTHH:mm:ss");
20 | }
21 |
22 | ///
23 | /// Attempts to convert a SOLR compatible datetime string to a as UTC.
24 | ///
25 | /// The datetime string to convert from.
26 | /// A that represents the SOLR datetime, or null if the conversion failed.
27 | public static DateTime? TryConvertFromSolrDateTime(this string source)
28 | {
29 | DateTime result;
30 | if (DateTime.TryParseExact(source, new String[] { "yyyy-MM-ddTHH:mm:ss", "yyyy-MM-ddTHH:mm:ssZ", "yyyy-MM-ddTHH:mm:ss.fffZ" },
31 | CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out result))
32 | {
33 | return result;
34 | }
35 | else
36 | {
37 | return null;
38 | }
39 | }
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Resources;
3 | using System.Runtime.CompilerServices;
4 | using System.Runtime.InteropServices;
5 | using System.Windows;
6 |
7 | // General Information about an assembly is controlled through the following
8 | // set of attributes. Change these attribute values to modify the information
9 | // associated with an assembly.
10 | [assembly: AssemblyTitle("Bit9CarbonBlack.Example.FileSystemViewer")]
11 | [assembly: AssemblyDescription("")]
12 | [assembly: AssemblyConfiguration("")]
13 | [assembly: AssemblyCompany("")]
14 | [assembly: AssemblyProduct("Bit9CarbonBlack.Example.FileSystemViewer")]
15 | [assembly: AssemblyCopyright("Copyright © 2015")]
16 | [assembly: AssemblyTrademark("")]
17 | [assembly: AssemblyCulture("")]
18 |
19 | // Setting ComVisible to false makes the types in this assembly not visible
20 | // to COM components. If you need to access a type in this assembly from
21 | // COM, set the ComVisible attribute to true on that type.
22 | [assembly: ComVisible(false)]
23 |
24 | //In order to begin building localizable applications, set
25 | //CultureYouAreCodingWith in your .csproj file
26 | //inside a . For example, if you are using US english
27 | //in your source files, set the to en-US. Then uncomment
28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in
29 | //the line below to match the UICulture setting in the project file.
30 |
31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)]
32 |
33 |
34 | [assembly: ThemeInfo(
35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located
36 | //(used if a resource is not found in the page,
37 | // or application resource dictionaries)
38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located
39 | //(used if a resource is not found in the page,
40 | // app, or any theme specific resource dictionaries)
41 | )]
42 |
43 |
44 | // Version information for an assembly consists of the following four values:
45 | //
46 | // Major Version
47 | // Minor Version
48 | // Build Number
49 | // Revision
50 | //
51 | // You can specify all the values or you can default the Build and Revision Numbers
52 | // by using the '*' as shown below:
53 | // [assembly: AssemblyVersion("1.0.*")]
54 | [assembly: AssemblyVersion("1.0.0.0")]
55 | [assembly: AssemblyFileVersion("1.0.0.0")]
56 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/App.g.cs:
--------------------------------------------------------------------------------
1 | #pragma checksum "..\..\App.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "339C3C87B5A312808EE6B558721A04E5"
2 | //------------------------------------------------------------------------------
3 | //
4 | // This code was generated by a tool.
5 | // Runtime Version:4.0.30319.34014
6 | //
7 | // Changes to this file may cause incorrect behavior and will be lost if
8 | // the code is regenerated.
9 | //
10 | //------------------------------------------------------------------------------
11 |
12 | using System;
13 | using System.Diagnostics;
14 | using System.Windows;
15 | using System.Windows.Automation;
16 | using System.Windows.Controls;
17 | using System.Windows.Controls.Primitives;
18 | using System.Windows.Data;
19 | using System.Windows.Documents;
20 | using System.Windows.Ink;
21 | using System.Windows.Input;
22 | using System.Windows.Markup;
23 | using System.Windows.Media;
24 | using System.Windows.Media.Animation;
25 | using System.Windows.Media.Effects;
26 | using System.Windows.Media.Imaging;
27 | using System.Windows.Media.Media3D;
28 | using System.Windows.Media.TextFormatting;
29 | using System.Windows.Navigation;
30 | using System.Windows.Shapes;
31 | using System.Windows.Shell;
32 |
33 |
34 | namespace Bit9CarbonBlack.Example.FileSystemViewer {
35 |
36 |
37 | ///
38 | /// App
39 | ///
40 | public partial class App : System.Windows.Application {
41 |
42 | ///
43 | /// InitializeComponent
44 | ///
45 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
46 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
47 | public void InitializeComponent() {
48 |
49 | #line 4 "..\..\App.xaml"
50 | this.StartupUri = new System.Uri("MainWindow.xaml", System.UriKind.Relative);
51 |
52 | #line default
53 | #line hidden
54 | }
55 |
56 | ///
57 | /// Application Entry Point.
58 | ///
59 | [System.STAThreadAttribute()]
60 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
61 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
62 | public static void Main() {
63 | Bit9CarbonBlack.Example.FileSystemViewer.App app = new Bit9CarbonBlack.Example.FileSystemViewer.App();
64 | app.InitializeComponent();
65 | app.Run();
66 | }
67 | }
68 | }
69 |
70 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/App.g.i.cs:
--------------------------------------------------------------------------------
1 | #pragma checksum "..\..\App.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "339C3C87B5A312808EE6B558721A04E5"
2 | //------------------------------------------------------------------------------
3 | //
4 | // This code was generated by a tool.
5 | // Runtime Version:4.0.30319.34014
6 | //
7 | // Changes to this file may cause incorrect behavior and will be lost if
8 | // the code is regenerated.
9 | //
10 | //------------------------------------------------------------------------------
11 |
12 | using System;
13 | using System.Diagnostics;
14 | using System.Windows;
15 | using System.Windows.Automation;
16 | using System.Windows.Controls;
17 | using System.Windows.Controls.Primitives;
18 | using System.Windows.Data;
19 | using System.Windows.Documents;
20 | using System.Windows.Ink;
21 | using System.Windows.Input;
22 | using System.Windows.Markup;
23 | using System.Windows.Media;
24 | using System.Windows.Media.Animation;
25 | using System.Windows.Media.Effects;
26 | using System.Windows.Media.Imaging;
27 | using System.Windows.Media.Media3D;
28 | using System.Windows.Media.TextFormatting;
29 | using System.Windows.Navigation;
30 | using System.Windows.Shapes;
31 | using System.Windows.Shell;
32 |
33 |
34 | namespace Bit9CarbonBlack.Example.FileSystemViewer {
35 |
36 |
37 | ///
38 | /// App
39 | ///
40 | public partial class App : System.Windows.Application {
41 |
42 | ///
43 | /// InitializeComponent
44 | ///
45 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
46 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
47 | public void InitializeComponent() {
48 |
49 | #line 4 "..\..\App.xaml"
50 | this.StartupUri = new System.Uri("MainWindow.xaml", System.UriKind.Relative);
51 |
52 | #line default
53 | #line hidden
54 | }
55 |
56 | ///
57 | /// Application Entry Point.
58 | ///
59 | [System.STAThreadAttribute()]
60 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
61 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
62 | public static void Main() {
63 | Bit9CarbonBlack.Example.FileSystemViewer.App app = new Bit9CarbonBlack.Example.FileSystemViewer.App();
64 | app.InitializeComponent();
65 | app.Run();
66 | }
67 | }
68 | }
69 |
70 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/SolrExtensionsTest.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.VisualStudio.TestTools.UnitTesting;
2 | using SoftwareApproach.TestingExtensions;
3 | using System;
4 |
5 | namespace Bit9CarbonBlack.CarbonBlack.Client
6 | {
7 | [TestClass]
8 | public class SolrExtensionsTest
9 | {
10 | [TestMethod]
11 | public void ConvertToSolrDateTime_should_convert_datetime_to_a_solr_datetime()
12 | {
13 | DateTime date = DateTime.Now;
14 | var expected = date.ToString("yyyy-MM-ddTHH:mm:ss");
15 |
16 | var actual = date.ConvertToSolrDateTime();
17 |
18 | actual.ShouldEqual(expected);
19 | }
20 |
21 | [TestMethod]
22 | public void ConvertToSolrDateTime_should_convert_datetime_to_a_solr_datetime_as_UTC()
23 | {
24 | DateTime date = DateTime.Now;
25 | var expected = date.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss");
26 |
27 | var actual = date.ConvertToSolrDateTime(true);
28 |
29 | actual.ShouldEqual(expected);
30 | }
31 |
32 | [TestMethod]
33 | public void TryConvertFromSolrDateTime_should_convert_solr_datetime_to_a_datetime()
34 | {
35 | string date = "2011-11-11T11:11:11Z";
36 | var expected = new DateTime(2011, 11, 11, 11, 11, 11, DateTimeKind.Utc);
37 |
38 | var actual = date.TryConvertFromSolrDateTime();
39 |
40 | actual.ShouldEqual(expected);
41 | }
42 |
43 | [TestMethod]
44 | public void TryConvertFromSolrDateTime_should_convert_solr_datetime_to_a_datetime_without_Z()
45 | {
46 | string date = "2011-11-11T11:11:11";
47 | var expected = new DateTime(2011, 11, 11, 11, 11, 11, DateTimeKind.Utc);
48 |
49 | var actual = date.TryConvertFromSolrDateTime();
50 |
51 | actual.ShouldEqual(expected);
52 | }
53 |
54 | [TestMethod]
55 | public void TryConvertFromSolrDateTime_should_convert_solr_datetime_to_a_datetime_with_milliseconds()
56 | {
57 | string date = "2011-11-11T11:11:11.111Z";
58 | var expected = new DateTime(2011, 11, 11, 11, 11, 11, 111, DateTimeKind.Utc);
59 |
60 | var actual = date.TryConvertFromSolrDateTime();
61 |
62 | actual.ShouldEqual(expected);
63 | }
64 |
65 | [TestMethod]
66 | public void TryConvertFromSolrDateTime_should_return_null_if_string_can_not_be_parsed()
67 | {
68 | string date = "datetime";
69 |
70 | var actual = date.TryConvertFromSolrDateTime();
71 |
72 | actual.ShouldBeNull();
73 | }
74 | }
75 | }
76 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Model/ObservableFileSystem.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.ObjectModel;
3 | using System.ComponentModel;
4 | using System.Linq;
5 | using System.Windows;
6 |
7 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Model
8 | {
9 | public class ObservableFileSystem : ObservableCollection
10 | {
11 | private int fileCount;
12 |
13 | public int FileCount
14 | {
15 | get
16 | {
17 | return this.fileCount;
18 | }
19 | private set
20 | {
21 | this.fileCount = value;
22 | this.OnPropertyChanged(new PropertyChangedEventArgs("FileCount"));
23 | }
24 | }
25 |
26 | protected override void ClearItems()
27 | {
28 | base.ClearItems();
29 | this.FileCount = 0;
30 | }
31 |
32 | public void AddFileSystemItem(string path, string timestamp, int action)
33 | {
34 | var pathParts = path.Split(new string[] { @"\", @"\\", "/" }, System.StringSplitOptions.RemoveEmptyEntries);
35 | var pathPartsLength = pathParts.Length;
36 | if (pathParts.Length == 0)
37 | {
38 | return;
39 | }
40 |
41 | FilePathFolder currentPath = (FilePathFolder)this.FirstOrDefault(x => x is FilePathFolder && String.Compare(x.Name, pathParts[0], true) == 0);
42 | if (currentPath == null)
43 | {
44 | currentPath = new FilePathFolder() { Name = pathParts[0] };
45 | this.Add(currentPath);
46 | }
47 |
48 | for (int i = 1; i < pathPartsLength - 1; i++)
49 | {
50 | var tempcurrentPath = (FilePathFolder)currentPath.Children.FirstOrDefault(x => x is FilePathFolder && String.Compare(x.Name, pathParts[i], true) == 0);
51 | if (tempcurrentPath == null)
52 | {
53 | tempcurrentPath = new FilePathFolder() { Name = pathParts[i] };
54 | currentPath.Children.Add(tempcurrentPath);
55 | }
56 |
57 | currentPath = tempcurrentPath;
58 | }
59 |
60 | FilePathItem item = (FilePathItem)currentPath.Children.FirstOrDefault(x => x is FilePathItem && String.Compare(x.Name, pathParts[pathPartsLength - 1], true) == 0);
61 | if (item == null)
62 | {
63 | item = new FilePathItem() { Name = pathParts[pathPartsLength - 1] };
64 | currentPath.Children.Add(item);
65 | FileCount++;
66 | }
67 |
68 | item.Details.Add(new FilePathItemDetails() { Action = (FileItemAction)action, TimeStamp = timestamp } );
69 | }
70 | }
71 | }
72 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.30501.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bit9CarbonBlack.CarbonBlack.Client", "Bit9CarbonBlack.CarbonBlack.Client\Bit9CarbonBlack.CarbonBlack.Client.csproj", "{69E3504C-7647-4696-A31D-F8E2A2A8CA61}"
7 | EndProject
8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{BBBA85B0-AECE-40F2-BE1F-5826574E62C5}"
9 | ProjectSection(SolutionItems) = preProject
10 | Bit9CarbonBlack.CarbonBlack.Client.snk = Bit9CarbonBlack.CarbonBlack.Client.snk
11 | CommonAssemblyInfo.cs = CommonAssemblyInfo.cs
12 | EndProjectSection
13 | EndProject
14 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tests", "Tests", "{06020637-4423-41F5-9CDE-0342F2444866}"
15 | EndProject
16 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bit9CarbonBlack.CarbonBlack.Client.Tests", "tests\Bit9CarbonBlack.CarbonBlack.Client.Tests\Bit9CarbonBlack.CarbonBlack.Client.Tests.csproj", "{C871BF8F-3616-41B4-8B3A-A31A61410597}"
17 | EndProject
18 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample", "Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample\Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample.csproj", "{26356EB2-470C-4461-99A2-5994AD426C47}"
19 | EndProject
20 | Global
21 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
22 | Debug|Any CPU = Debug|Any CPU
23 | Release|Any CPU = Release|Any CPU
24 | EndGlobalSection
25 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
26 | {69E3504C-7647-4696-A31D-F8E2A2A8CA61}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | {69E3504C-7647-4696-A31D-F8E2A2A8CA61}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | {69E3504C-7647-4696-A31D-F8E2A2A8CA61}.Release|Any CPU.ActiveCfg = Release|Any CPU
29 | {69E3504C-7647-4696-A31D-F8E2A2A8CA61}.Release|Any CPU.Build.0 = Release|Any CPU
30 | {C871BF8F-3616-41B4-8B3A-A31A61410597}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
31 | {C871BF8F-3616-41B4-8B3A-A31A61410597}.Debug|Any CPU.Build.0 = Debug|Any CPU
32 | {C871BF8F-3616-41B4-8B3A-A31A61410597}.Release|Any CPU.ActiveCfg = Release|Any CPU
33 | {C871BF8F-3616-41B4-8B3A-A31A61410597}.Release|Any CPU.Build.0 = Release|Any CPU
34 | {26356EB2-470C-4461-99A2-5994AD426C47}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
35 | {26356EB2-470C-4461-99A2-5994AD426C47}.Debug|Any CPU.Build.0 = Debug|Any CPU
36 | {26356EB2-470C-4461-99A2-5994AD426C47}.Release|Any CPU.ActiveCfg = Release|Any CPU
37 | {26356EB2-470C-4461-99A2-5994AD426C47}.Release|Any CPU.Build.0 = Release|Any CPU
38 | EndGlobalSection
39 | GlobalSection(SolutionProperties) = preSolution
40 | HideSolutionNode = FALSE
41 | EndGlobalSection
42 | GlobalSection(NestedProjects) = preSolution
43 | {C871BF8F-3616-41B4-8B3A-A31A61410597} = {06020637-4423-41F5-9CDE-0342F2444866}
44 | EndGlobalSection
45 | EndGlobal
46 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.34014
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Properties {
12 | using System;
13 |
14 |
15 | ///
16 | /// A strongly-typed resource class, for looking up localized strings, etc.
17 | ///
18 | // This class was auto-generated by the StronglyTypedResourceBuilder
19 | // class via a tool like ResGen or Visual Studio.
20 | // To add or remove a member, edit your .ResX file then rerun ResGen
21 | // with the /str option, or rebuild your VS project.
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | internal class Resources {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal Resources() {
33 | }
34 |
35 | ///
36 | /// Returns the cached ResourceManager instance used by this class.
37 | ///
38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
39 | internal static global::System.Resources.ResourceManager ResourceManager {
40 | get {
41 | if (object.ReferenceEquals(resourceMan, null)) {
42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Bit9CarbonBlack.Example.FileSystemViewer.Properties.Resources", typeof(Resources).Assembly);
43 | resourceMan = temp;
44 | }
45 | return resourceMan;
46 | }
47 | }
48 |
49 | ///
50 | /// Overrides the current thread's CurrentUICulture property for all
51 | /// resource lookups using this strongly typed resource class.
52 | ///
53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
54 | internal static global::System.Globalization.CultureInfo Culture {
55 | get {
56 | return resourceCulture;
57 | }
58 | set {
59 | resourceCulture = value;
60 | }
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/server_apis/python/example/subscribe_all.py:
--------------------------------------------------------------------------------
1 | import sys
2 | import pika
3 | import pprint
4 | import random
5 | import optparse
6 | import eventsv2_pb2 as cpb
7 |
8 | def on_message(channel, method_frame, header_frame, body):
9 |
10 | try:
11 |
12 | print method_frame.routing_key
13 |
14 | if "application/protobuf" == header_frame.content_type:
15 | x = cpb.CbEventMsg()
16 | x.ParseFromString(body)
17 | print "EVENT: %s" % x
18 |
19 | elif "application/json" == header_frame.content_type:
20 | print "json"
21 | else:
22 | print header_frame.content_type
23 | #pprint.pprint(body)
24 | print
25 |
26 | except Exception, e:
27 | print e
28 | finally:
29 | # need to make sure we ack the messages so they don't get left un-acked in the queue
30 | # we set multiple to true to ensure that we ack all previous messages
31 | channel.basic_ack(delivery_tag=method_frame.delivery_tag, multiple=True)
32 |
33 | return
34 |
35 | def generate_queue_name():
36 | """
37 | generates a random queue name
38 | """
39 | return str(random.randint(0,10000)) + "-" + str(random.randint(0,100000))
40 |
41 | def build_cli_parser():
42 | parser = optparse.OptionParser(usage="%prog [options]", description="Example CBSAPI script to consume published events")
43 | parser.add_option("-p", "--password", action="store", default=None, dest="password",
44 | help="RabbitMQ password; see /etc/cb/cb.conf")
45 | parser.add_option("-u", "--usename", action="store", default="cb", dest="username",
46 | help="RabbitMQ username; see /etc/cb/cb.conf")
47 | return parser
48 |
49 | if __name__ == "__main__":
50 |
51 | # build the command line parser and ensure that the required password option was provided
52 | #
53 | parser = build_cli_parser()
54 | opts, args = parser.parse_args(sys.argv)
55 | if not opts.password:
56 | print "Missing password param; run with -h for usage"
57 | sys.exit(-1)
58 |
59 | # Set the connection parameters to connect to rabbit-server1 on port 5672
60 | # on the / virtual host using the username "guest" and password "guest"
61 | credentials = pika.PlainCredentials(opts.username, opts.password)
62 | parameters = pika.ConnectionParameters('localhost',
63 | 5004,
64 | '/',
65 | credentials)
66 |
67 | connection = pika.BlockingConnection(parameters)
68 | channel = connection.channel()
69 |
70 | queue_name = generate_queue_name()
71 |
72 | # make sure you use auto_delete so the queue isn't left filling
73 | # with events when this program exists.
74 | channel.queue_declare(queue=queue_name, auto_delete=True)
75 |
76 | channel.queue_bind(exchange='api.events', queue=queue_name, routing_key='#')
77 |
78 | channel.basic_consume(on_message, queue=queue_name)
79 |
80 | print "-> Subscribed!"
81 |
82 | try:
83 | channel.start_consuming()
84 | except KeyboardInterrupt:
85 | channel.stop_consuming()
86 |
87 | connection.close()
88 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/GeneratedInternalTypeHelper.g.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.34014
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace XamlGeneratedNamespace {
12 |
13 |
14 | ///
15 | /// GeneratedInternalTypeHelper
16 | ///
17 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
18 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
19 | [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
20 | public sealed class GeneratedInternalTypeHelper : System.Windows.Markup.InternalTypeHelper {
21 |
22 | ///
23 | /// CreateInstance
24 | ///
25 | protected override object CreateInstance(System.Type type, System.Globalization.CultureInfo culture) {
26 | return System.Activator.CreateInstance(type, ((System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.NonPublic)
27 | | (System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.CreateInstance)), null, null, culture);
28 | }
29 |
30 | ///
31 | /// GetPropertyValue
32 | ///
33 | protected override object GetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, System.Globalization.CultureInfo culture) {
34 | return propertyInfo.GetValue(target, System.Reflection.BindingFlags.Default, null, null, culture);
35 | }
36 |
37 | ///
38 | /// SetPropertyValue
39 | ///
40 | protected override void SetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, object value, System.Globalization.CultureInfo culture) {
41 | propertyInfo.SetValue(target, value, System.Reflection.BindingFlags.Default, null, null, culture);
42 | }
43 |
44 | ///
45 | /// CreateDelegate
46 | ///
47 | protected override System.Delegate CreateDelegate(System.Type delegateType, object target, string handler) {
48 | return ((System.Delegate)(target.GetType().InvokeMember("_CreateDelegate", (System.Reflection.BindingFlags.InvokeMethod
49 | | (System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)), null, target, new object[] {
50 | delegateType,
51 | handler}, null)));
52 | }
53 |
54 | ///
55 | /// AddEventHandler
56 | ///
57 | protected override void AddEventHandler(System.Reflection.EventInfo eventInfo, object target, System.Delegate handler) {
58 | eventInfo.AddEventHandler(target, handler);
59 | }
60 | }
61 | }
62 |
63 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/GeneratedInternalTypeHelper.g.i.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.34014
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace XamlGeneratedNamespace {
12 |
13 |
14 | ///
15 | /// GeneratedInternalTypeHelper
16 | ///
17 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
18 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
19 | [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
20 | public sealed class GeneratedInternalTypeHelper : System.Windows.Markup.InternalTypeHelper {
21 |
22 | ///
23 | /// CreateInstance
24 | ///
25 | protected override object CreateInstance(System.Type type, System.Globalization.CultureInfo culture) {
26 | return System.Activator.CreateInstance(type, ((System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.NonPublic)
27 | | (System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.CreateInstance)), null, null, culture);
28 | }
29 |
30 | ///
31 | /// GetPropertyValue
32 | ///
33 | protected override object GetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, System.Globalization.CultureInfo culture) {
34 | return propertyInfo.GetValue(target, System.Reflection.BindingFlags.Default, null, null, culture);
35 | }
36 |
37 | ///
38 | /// SetPropertyValue
39 | ///
40 | protected override void SetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, object value, System.Globalization.CultureInfo culture) {
41 | propertyInfo.SetValue(target, value, System.Reflection.BindingFlags.Default, null, null, culture);
42 | }
43 |
44 | ///
45 | /// CreateDelegate
46 | ///
47 | protected override System.Delegate CreateDelegate(System.Type delegateType, object target, string handler) {
48 | return ((System.Delegate)(target.GetType().InvokeMember("_CreateDelegate", (System.Reflection.BindingFlags.InvokeMethod
49 | | (System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)), null, target, new object[] {
50 | delegateType,
51 | handler}, null)));
52 | }
53 |
54 | ///
55 | /// AddEventHandler
56 | ///
57 | protected override void AddEventHandler(System.Reflection.EventInfo eventInfo, object target, System.Delegate handler) {
58 | eventInfo.AddEventHandler(target, handler);
59 | }
60 | }
61 | }
62 |
63 |
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.6/tools/install.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | # open json.net splash page on package install
4 | # don't open if json.net is installed as a dependency
5 |
6 | try
7 | {
8 | $url = "http://james.newtonking.com/json"
9 | $dte2 = Get-Interface $dte ([EnvDTE80.DTE2])
10 |
11 | if ($dte2.ActiveWindow.Caption -eq "Package Manager Console")
12 | {
13 | # user is installing from VS NuGet console
14 | # get reference to the window, the console host and the input history
15 | # show webpage if "install-package newtonsoft.json" was last input
16 |
17 | $consoleWindow = $(Get-VSComponentModel).GetService([NuGetConsole.IPowerConsoleWindow])
18 |
19 | $props = $consoleWindow.GetType().GetProperties([System.Reflection.BindingFlags]::Instance -bor `
20 | [System.Reflection.BindingFlags]::NonPublic)
21 |
22 | $prop = $props | ? { $_.Name -eq "ActiveHostInfo" } | select -first 1
23 | if ($prop -eq $null) { return }
24 |
25 | $hostInfo = $prop.GetValue($consoleWindow)
26 | if ($hostInfo -eq $null) { return }
27 |
28 | $history = $hostInfo.WpfConsole.InputHistory.History
29 |
30 | $lastCommand = $history | select -last 1
31 |
32 | if ($lastCommand)
33 | {
34 | $lastCommand = $lastCommand.Trim().ToLower()
35 | if ($lastCommand.StartsWith("install-package") -and $lastCommand.Contains("newtonsoft.json"))
36 | {
37 | $dte2.ItemOperations.Navigate($url) | Out-Null
38 | }
39 | }
40 | }
41 | else
42 | {
43 | # user is installing from VS NuGet dialog
44 | # get reference to the window, then smart output console provider
45 | # show webpage if messages in buffered console contains "installing...newtonsoft.json" in last operation
46 |
47 | $instanceField = [NuGet.Dialog.PackageManagerWindow].GetField("CurrentInstance", [System.Reflection.BindingFlags]::Static -bor `
48 | [System.Reflection.BindingFlags]::NonPublic)
49 | $consoleField = [NuGet.Dialog.PackageManagerWindow].GetField("_smartOutputConsoleProvider", [System.Reflection.BindingFlags]::Instance -bor `
50 | [System.Reflection.BindingFlags]::NonPublic)
51 | if ($instanceField -eq $null -or $consoleField -eq $null) { return }
52 |
53 | $instance = $instanceField.GetValue($null)
54 | if ($instance -eq $null) { return }
55 |
56 | $consoleProvider = $consoleField.GetValue($instance)
57 | if ($consoleProvider -eq $null) { return }
58 |
59 | $console = $consoleProvider.CreateOutputConsole($false)
60 |
61 | $messagesField = $console.GetType().GetField("_messages", [System.Reflection.BindingFlags]::Instance -bor `
62 | [System.Reflection.BindingFlags]::NonPublic)
63 | if ($messagesField -eq $null) { return }
64 |
65 | $messages = $messagesField.GetValue($console)
66 | if ($messages -eq $null) { return }
67 |
68 | $operations = $messages -split "=============================="
69 |
70 | $lastOperation = $operations | select -last 1
71 |
72 | if ($lastOperation)
73 | {
74 | $lastOperation = $lastOperation.ToLower()
75 |
76 | $lines = $lastOperation -split "`r`n"
77 |
78 | $installMatch = $lines | ? { $_.StartsWith("------- installing...newtonsoft.json ") } | select -first 1
79 |
80 | if ($installMatch)
81 | {
82 | $dte2.ItemOperations.Navigate($url) | Out-Null
83 | }
84 | }
85 | }
86 | }
87 | catch
88 | {
89 | # stop potential errors from bubbling up
90 | # worst case the splash page won't open
91 | }
92 |
93 | # yolo
--------------------------------------------------------------------------------
/client_apis/csharp/packages/Newtonsoft.Json.6.0.7/tools/install.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | # open json.net splash page on package install
4 | # don't open if json.net is installed as a dependency
5 |
6 | try
7 | {
8 | $url = "http://james.newtonking.com/json"
9 | $dte2 = Get-Interface $dte ([EnvDTE80.DTE2])
10 |
11 | if ($dte2.ActiveWindow.Caption -eq "Package Manager Console")
12 | {
13 | # user is installing from VS NuGet console
14 | # get reference to the window, the console host and the input history
15 | # show webpage if "install-package newtonsoft.json" was last input
16 |
17 | $consoleWindow = $(Get-VSComponentModel).GetService([NuGetConsole.IPowerConsoleWindow])
18 |
19 | $props = $consoleWindow.GetType().GetProperties([System.Reflection.BindingFlags]::Instance -bor `
20 | [System.Reflection.BindingFlags]::NonPublic)
21 |
22 | $prop = $props | ? { $_.Name -eq "ActiveHostInfo" } | select -first 1
23 | if ($prop -eq $null) { return }
24 |
25 | $hostInfo = $prop.GetValue($consoleWindow)
26 | if ($hostInfo -eq $null) { return }
27 |
28 | $history = $hostInfo.WpfConsole.InputHistory.History
29 |
30 | $lastCommand = $history | select -last 1
31 |
32 | if ($lastCommand)
33 | {
34 | $lastCommand = $lastCommand.Trim().ToLower()
35 | if ($lastCommand.StartsWith("install-package") -and $lastCommand.Contains("newtonsoft.json"))
36 | {
37 | $dte2.ItemOperations.Navigate($url) | Out-Null
38 | }
39 | }
40 | }
41 | else
42 | {
43 | # user is installing from VS NuGet dialog
44 | # get reference to the window, then smart output console provider
45 | # show webpage if messages in buffered console contains "installing...newtonsoft.json" in last operation
46 |
47 | $instanceField = [NuGet.Dialog.PackageManagerWindow].GetField("CurrentInstance", [System.Reflection.BindingFlags]::Static -bor `
48 | [System.Reflection.BindingFlags]::NonPublic)
49 | $consoleField = [NuGet.Dialog.PackageManagerWindow].GetField("_smartOutputConsoleProvider", [System.Reflection.BindingFlags]::Instance -bor `
50 | [System.Reflection.BindingFlags]::NonPublic)
51 | if ($instanceField -eq $null -or $consoleField -eq $null) { return }
52 |
53 | $instance = $instanceField.GetValue($null)
54 | if ($instance -eq $null) { return }
55 |
56 | $consoleProvider = $consoleField.GetValue($instance)
57 | if ($consoleProvider -eq $null) { return }
58 |
59 | $console = $consoleProvider.CreateOutputConsole($false)
60 |
61 | $messagesField = $console.GetType().GetField("_messages", [System.Reflection.BindingFlags]::Instance -bor `
62 | [System.Reflection.BindingFlags]::NonPublic)
63 | if ($messagesField -eq $null) { return }
64 |
65 | $messages = $messagesField.GetValue($console)
66 | if ($messages -eq $null) { return }
67 |
68 | $operations = $messages -split "=============================="
69 |
70 | $lastOperation = $operations | select -last 1
71 |
72 | if ($lastOperation)
73 | {
74 | $lastOperation = $lastOperation.ToLower()
75 |
76 | $lines = $lastOperation -split "`r`n"
77 |
78 | $installMatch = $lines | ? { $_.StartsWith("------- installing...newtonsoft.json ") } | select -first 1
79 |
80 | if ($installMatch)
81 | {
82 | $dte2.ItemOperations.Navigate($url) | Out-Null
83 | }
84 | }
85 | }
86 | }
87 | catch
88 | {
89 | # stop potential errors from bubbling up
90 | # worst case the splash page won't open
91 | }
92 |
93 | # yolo
--------------------------------------------------------------------------------
/client_apis/csharp/example/packages/Newtonsoft.Json.6.0.7/tools/install.ps1:
--------------------------------------------------------------------------------
1 | param($installPath, $toolsPath, $package, $project)
2 |
3 | # open json.net splash page on package install
4 | # don't open if json.net is installed as a dependency
5 |
6 | try
7 | {
8 | $url = "http://james.newtonking.com/json"
9 | $dte2 = Get-Interface $dte ([EnvDTE80.DTE2])
10 |
11 | if ($dte2.ActiveWindow.Caption -eq "Package Manager Console")
12 | {
13 | # user is installing from VS NuGet console
14 | # get reference to the window, the console host and the input history
15 | # show webpage if "install-package newtonsoft.json" was last input
16 |
17 | $consoleWindow = $(Get-VSComponentModel).GetService([NuGetConsole.IPowerConsoleWindow])
18 |
19 | $props = $consoleWindow.GetType().GetProperties([System.Reflection.BindingFlags]::Instance -bor `
20 | [System.Reflection.BindingFlags]::NonPublic)
21 |
22 | $prop = $props | ? { $_.Name -eq "ActiveHostInfo" } | select -first 1
23 | if ($prop -eq $null) { return }
24 |
25 | $hostInfo = $prop.GetValue($consoleWindow)
26 | if ($hostInfo -eq $null) { return }
27 |
28 | $history = $hostInfo.WpfConsole.InputHistory.History
29 |
30 | $lastCommand = $history | select -last 1
31 |
32 | if ($lastCommand)
33 | {
34 | $lastCommand = $lastCommand.Trim().ToLower()
35 | if ($lastCommand.StartsWith("install-package") -and $lastCommand.Contains("newtonsoft.json"))
36 | {
37 | $dte2.ItemOperations.Navigate($url) | Out-Null
38 | }
39 | }
40 | }
41 | else
42 | {
43 | # user is installing from VS NuGet dialog
44 | # get reference to the window, then smart output console provider
45 | # show webpage if messages in buffered console contains "installing...newtonsoft.json" in last operation
46 |
47 | $instanceField = [NuGet.Dialog.PackageManagerWindow].GetField("CurrentInstance", [System.Reflection.BindingFlags]::Static -bor `
48 | [System.Reflection.BindingFlags]::NonPublic)
49 | $consoleField = [NuGet.Dialog.PackageManagerWindow].GetField("_smartOutputConsoleProvider", [System.Reflection.BindingFlags]::Instance -bor `
50 | [System.Reflection.BindingFlags]::NonPublic)
51 | if ($instanceField -eq $null -or $consoleField -eq $null) { return }
52 |
53 | $instance = $instanceField.GetValue($null)
54 | if ($instance -eq $null) { return }
55 |
56 | $consoleProvider = $consoleField.GetValue($instance)
57 | if ($consoleProvider -eq $null) { return }
58 |
59 | $console = $consoleProvider.CreateOutputConsole($false)
60 |
61 | $messagesField = $console.GetType().GetField("_messages", [System.Reflection.BindingFlags]::Instance -bor `
62 | [System.Reflection.BindingFlags]::NonPublic)
63 | if ($messagesField -eq $null) { return }
64 |
65 | $messages = $messagesField.GetValue($console)
66 | if ($messages -eq $null) { return }
67 |
68 | $operations = $messages -split "=============================="
69 |
70 | $lastOperation = $operations | select -last 1
71 |
72 | if ($lastOperation)
73 | {
74 | $lastOperation = $lastOperation.ToLower()
75 |
76 | $lines = $lastOperation -split "`r`n"
77 |
78 | $installMatch = $lines | ? { $_.StartsWith("------- installing...newtonsoft.json ") } | select -first 1
79 |
80 | if ($installMatch)
81 | {
82 | $dte2.ItemOperations.Navigate($url) | Out-Null
83 | }
84 | }
85 | }
86 | }
87 | catch
88 | {
89 | # stop potential errors from bubbling up
90 | # worst case the splash page won't open
91 | }
92 |
93 | # yolo
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/MainWindow.xaml:
--------------------------------------------------------------------------------
1 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 | https://cb-server-address
22 | your-api-token
23 | sensor-hostname-to-load
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/Bit9CarbonBlack.Example.FileSystemViewer.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Bit9CarbonBlack.Example.FileSystemViewer.exe.config
2 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Bit9CarbonBlack.Example.FileSystemViewer.exe
3 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Bit9CarbonBlack.Example.FileSystemViewer.pdb
4 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Bit9CarbonBlack.CarbonBlack.Client.dll
5 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Newtonsoft.Json.dll
6 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\System.Net.Http.Formatting.dll
7 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Bit9CarbonBlack.CarbonBlack.Client.xml
8 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\Newtonsoft.Json.xml
9 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\bin\Debug\System.Net.Http.Formatting.xml
10 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\MainWindow.g.cs
11 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\App.g.cs
12 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\GeneratedInternalTypeHelper.g.cs
13 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.cache
14 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer_MarkupCompile.lref
15 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\MainWindow.baml
16 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer.g.resources
17 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer.Properties.Resources.resources
18 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer.csproj.GenerateResource.Cache
19 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer.exe
20 | C:\Dev\Repos\cbapi\client_apis\csharp\example\Bit9CarbonBlack.Example.FileSystemViewer\Bit9CarbonBlack.Example.FileSystemViewer\obj\Debug\Bit9CarbonBlack.Example.FileSystemViewer.pdb
21 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/MainWindow.xaml.cs:
--------------------------------------------------------------------------------
1 | using Bit9CarbonBlack.Example.FileSystemViewer.Model;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading;
7 | using System.Threading.Tasks;
8 | using System.Windows;
9 | using System.Windows.Controls;
10 | using System.Windows.Data;
11 | using System.Windows.Documents;
12 | using System.Windows.Input;
13 | using System.Windows.Media;
14 | using System.Windows.Media.Imaging;
15 | using System.Windows.Navigation;
16 | using System.Windows.Shapes;
17 |
18 | namespace Bit9CarbonBlack.Example.FileSystemViewer
19 | {
20 | ///
21 | /// Interaction logic for MainWindow.xaml
22 | ///
23 | public partial class MainWindow : Window
24 | {
25 | private readonly ObservableFileSystem filesystem = new ObservableFileSystem();
26 | private readonly Client.CarbonBlack cb = new Client.CarbonBlack();
27 | private CancellationTokenSource cancelSource;
28 |
29 | public MainWindow()
30 | {
31 | InitializeComponent();
32 |
33 | this.DataContext = filesystem;
34 | }
35 |
36 | private async void Button_Click(object sender, RoutedEventArgs e)
37 | {
38 | try
39 | {
40 | if (String.IsNullOrWhiteSpace(this.serverUriText.Text) || String.IsNullOrWhiteSpace(this.apiTokenText.Text) || String.IsNullOrWhiteSpace(this.sensorHostnameText.Text))
41 | {
42 | MessageBox.Show("CB Server Uri, CB Api Token, and Sensor Hostname must be populated!");
43 | return;
44 | }
45 |
46 | cb.ServerUri = this.serverUriText.Text;
47 | cb.ApiToken = this.apiTokenText.Text;
48 |
49 | var sensorId = await cb.GetSensorIdForHost(this.sensorHostnameText.Text);
50 | if (sensorId == -1)
51 | {
52 | MessageBox.Show(String.Format("A matching sensor could not be found for the Sensor Hostname: '{0}'", this.sensorHostnameText.Text));
53 | return;
54 | }
55 |
56 | this.loadButton.IsEnabled = false;
57 | this.stopButton.IsEnabled = true;
58 |
59 | using (this.cancelSource = new CancellationTokenSource())
60 | {
61 | var resultCount = 0;
62 | var totalCount = 0;
63 | do
64 | {
65 | resultCount = await cb.UpdateFilesBatch(this.filesystem, sensorId, totalCount, 100, cancelSource.Token);
66 | if (resultCount < 0)
67 | {
68 | return;
69 | }
70 | totalCount += resultCount;
71 | }
72 | while (resultCount > 0);
73 | }
74 | }
75 | catch (Exception ex)
76 | {
77 | MessageBox.Show(String.Format("An error occured: {0}", ex.ToString()));
78 | }
79 | }
80 |
81 | private void ClearButton_Click(object sender, RoutedEventArgs e)
82 | {
83 | this.filesystem.Clear();;
84 | this.clearButton.IsEnabled = false;
85 | }
86 |
87 | private void StopButton_Click(object sender, RoutedEventArgs e)
88 | {
89 | this.cancelSource.Cancel(false);
90 | this.loadButton.IsEnabled = true;
91 | this.clearButton.IsEnabled = true;
92 | this.stopButton.IsEnabled = false;
93 | }
94 | }
95 | }
96 |
--------------------------------------------------------------------------------
/server_apis/python/example/bulk/README.md:
--------------------------------------------------------------------------------
1 | # eventExporter.py Example Script
2 |
3 | ## Purpose
4 |
5 | The eventExporter.py example script demonstrates mechanisms to "tap" into the Carbon Black ingress data stream to perform arbitrary processing, logging, or external storage.
6 |
7 | ## Background
8 |
9 | The Carbon Black Enterprise Server (CB Server or cbent) accepts data from Carbon Black sensors in the form of sensor event logs. These event logs are encoded using length-value encoding and the event types are encoded with Google Protocol Buffers (https://code.google.com/p/protobuf). The event logs include events from one or more processes on a single endpoint. The events are of various types, including:
10 |
11 | * NetConns (network connections)
12 | * ModLoads (library loads, such as DLL or EXE)
13 | * FileMods (file creation, deletion, or modification)
14 | * RegMods (registry key creation, key deletion, value creation/modification, and value deletion)
15 | * XProcess (opens of external processes) (new to CB 5.0)
16 | * RemoteThread (creations of threads in external processes) (new to CB 5.0)
17 | * ModInfo (description of a newly-observed binary such as EXE or DLL)
18 | * Process (process startup and termination)
19 |
20 | The events are demultiplexed on a per-process basis and passed to the Carbon Black data backend.
21 |
22 | ## Prerequisites
23 |
24 | * The script must run on the Carbon Black Enterprise Server.
25 | * If the Carbon Black Server deployment is a cluster deployment, the script must run on every minion node of interest
26 | * The script must run with root privileges
27 | * The server must be configured to "save off" incoming sensor event logs OR the server must be configured to publish incoming events of interest over the RabbitMQ pub/sub bus.
28 |
29 | ### Configuring the Carbon Black Server to Save Off Sensor Event Logs
30 |
31 | 1. Stop the Carbon Black server using `service cb-enterprise stop`
32 |
33 | 2. Create a new file `/etc/cb/datastore/archive.properties` with the following content:
34 |
35 | cbfs-http.log-archive.type=filesystem
36 | cbfs-http.log-archive.filesystem.location=/path/to/archive/dir
37 | cbfs-http.log-archive.filesystem.queue-size=100
38 |
39 | 3. Ensure that the directory pointed to by cbfs-http.log-archive.filesystem.location is writable by the cb user:
40 |
41 | chown cb:cb /path/to/archive/dir
42 |
43 | 4. Restart the Carbon Black server using `service cb-enterprise start`
44 |
45 | WARNING: The Carbon Black Enterprise server does NOT manage the disk usage of the event log archive directory. Independent mechanisms must be used to avoid excessive disk usage.
46 |
47 | ### Configuring the Carbon Black Server to Publish Raw Events to the Pub/Sub Bus
48 |
49 | Please see the "Raw Endpoint Events" section of the README.md in the root of the Carbon Black Server API (CBSAPI) documentation.
50 |
51 | ## Modes Of Operation
52 |
53 | The eventExporter.py example script can be configured to run in three core modes of operation:
54 |
55 | 1. On a single event log file with the -f option.
56 | 2. On a single directory of log files with the -d option. A variation of this option is -a, which automatically discovers the Carbon Black global event log directory by parsing archive.properties.
57 | 3. Pull events from the pub/sub bus using the -b option.
58 |
59 | NOTE: Both modes (2) and (3) require changes to the Carbon Black Server configuration to enable event log archiving (mode 2) and event publishing (mode 3). See the documentation on configuration above.
60 |
61 | ## Output Options
62 |
63 | 1. Output can be done in JSON formation using --output json
64 | 2. Output can be done in human-readable 'table' format using --output table
65 |
66 | ## Other Options
67 |
68 | The -r option can be used to automatically remove event logs after processing.
69 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample/Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {26356EB2-470C-4461-99A2-5994AD426C47}
8 | Exe
9 | Properties
10 | Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample
11 | Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample
12 | v4.5
13 | 512
14 | e2b6dfec
15 |
16 |
17 |
18 | AnyCPU
19 | true
20 | full
21 | false
22 | bin\Debug\
23 | DEBUG;TRACE
24 | prompt
25 | 4
26 | true
27 | false
28 |
29 |
30 | AnyCPU
31 | pdbonly
32 | true
33 | bin\Release\
34 | TRACE
35 | prompt
36 | 4
37 | true
38 | false
39 |
40 |
41 | true
42 |
43 |
44 | ..\Bit9CarbonBlack.CarbonBlack.Client.snk
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 | Properties\CommonAssemblyInfo.cs
60 |
61 |
62 |
63 |
64 |
65 |
66 | Bit9CarbonBlack.CarbonBlack.Client.snk
67 |
68 |
69 |
70 |
71 |
72 | {69e3504c-7647-4696-a31d-f8e2a2a8ca61}
73 | Bit9CarbonBlack.CarbonBlack.Client
74 |
75 |
76 |
77 |
84 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Threading.Tasks;
4 |
5 | namespace Bit9CarbonBlack.CarbonBlack.Client.ConsoleExample
6 | {
7 | public class Program
8 | {
9 | static void Main(string[] args)
10 | {
11 | CbClientConsoleAsync().Wait();
12 | CbClientConsole();
13 | }
14 |
15 | static void CbClientConsole()
16 | {
17 | Console.ForegroundColor = ConsoleColor.Green;
18 | Console.WriteLine("Synchronous API Examples");
19 | Console.ForegroundColor = ConsoleColor.White;
20 |
21 | // Creates an instance of CbClient in a using (to ensure that it is disposed of properly)
22 | using (CbClient client = new CbClient("https://192.168.43.164/", "999b934fb2236d1465ecc1577d4c44e9a87128d1", false))
23 | {
24 | // Get the server information as a string
25 | Console.WriteLine("/api/info");
26 | var infoStringResponse = client.HttpGetAsString("/api/info");
27 | WriteStringResponse(infoStringResponse);
28 |
29 | // Get the sensor statistics as a dictionary
30 | Console.WriteLine("/api/v1/sensor/statistics");
31 | var sensorStatsResponse = client.HttpGetAsDictionary("/api/v1/sensor/statistics");
32 | WriteDictionaryResponse(sensorStatsResponse);
33 |
34 | // Get up to 5 processes as dynamic
35 | Console.WriteLine("/api/v1/process?rows=5");
36 | var processSearchResponse = client.HttpGetAsDynamic("/api/v1/process?rows=5");
37 | Console.WriteLine(" Status: {0}", processSearchResponse.StatusCode);
38 | Console.WriteLine(" Content:");
39 | foreach (dynamic result in processSearchResponse.Response.results)
40 | {
41 | Console.WriteLine(" {0} - {1}", result.process_name, result.process_md5);
42 | }
43 | Console.WriteLine();
44 |
45 | }
46 |
47 | Console.ForegroundColor = ConsoleColor.White;
48 | Console.WriteLine();
49 | Console.WriteLine();
50 | }
51 |
52 | static async Task CbClientConsoleAsync()
53 | {
54 | Console.ForegroundColor = ConsoleColor.Green;
55 | Console.WriteLine("Asynchronous API Examples");
56 | Console.ForegroundColor = ConsoleColor.White;
57 |
58 | // Creates an instance of CbClient in a using (to ensure that it is disposed of properly)
59 | using (CbClient client = new CbClient("https://192.168.43.164/", "999b934fb2236d1465ecc1577d4c44e9a87128d1", false))
60 | {
61 | // Get the server information as a string
62 | Console.WriteLine("/api/info");
63 | var infoStringResponse = await client.HttpGetAsStringAsync("/api/info");
64 | WriteStringResponse(infoStringResponse);
65 |
66 | // Get the sensor statistics as a dictionary
67 | Console.WriteLine("/api/v1/sensor/statistics");
68 | var sensorStatsResponse = await client.HttpGetAsDictionaryAsync("/api/v1/sensor/statistics");
69 | WriteDictionaryResponse(sensorStatsResponse);
70 |
71 | // Get up to 5 processes as dynamic
72 | Console.WriteLine("/api/v1/process?rows=5");
73 | var processSearchResponse = await client.HttpGetAsDynamicAsync("/api/v1/process?rows=5");
74 | Console.WriteLine(" Status: {0}", processSearchResponse.StatusCode);
75 | Console.WriteLine(" Content:");
76 | foreach (dynamic result in processSearchResponse.Response.results)
77 | {
78 | Console.WriteLine(" {0} - {1}", result.process_name, result.process_md5);
79 | }
80 | Console.WriteLine();
81 | }
82 |
83 | Console.ForegroundColor = ConsoleColor.White;
84 | Console.WriteLine();
85 | Console.WriteLine();
86 | }
87 |
88 | private static void WriteStringResponse(CbClientResult response)
89 | {
90 | Console.WriteLine(" Status: {0}{2} Content: {1}{2}", (int)response.StatusCode, response.Response, Environment.NewLine);
91 | }
92 |
93 | private static void WriteDictionaryResponse(CbClientResult> response)
94 | {
95 | Console.WriteLine(" Status: {0}", (int)response.StatusCode);
96 | Console.WriteLine(" Content:");
97 | foreach (var key in response.Response.Keys)
98 | {
99 | Console.WriteLine(" {0}: {1}", key, response.Response[key].ToString());
100 | }
101 | Console.WriteLine();
102 | }
103 | }
104 | }
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Properties/Resources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/Bit9CarbonBlack.CarbonBlack.Client.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {69E3504C-7647-4696-A31D-F8E2A2A8CA61}
8 | Library
9 | Properties
10 | Bit9CarbonBlack.CarbonBlack.Client
11 | Bit9CarbonBlack.CarbonBlack.Client
12 | v4.5
13 | 512
14 | 3e116afd
15 |
16 |
17 |
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 | true
26 | bin\Debug\Bit9CarbonBlack.CarbonBlack.Client.XML
27 | false
28 |
29 |
30 | pdbonly
31 | true
32 | bin\Release\
33 | TRACE
34 | prompt
35 | 4
36 | true
37 | bin\Release\Bit9CarbonBlack.CarbonBlack.Client.XML
38 | false
39 |
40 |
41 | true
42 |
43 |
44 | ..\Bit9CarbonBlack.CarbonBlack.Client.snk
45 |
46 |
47 | bin\Release-4.5\
48 | CODE_ANALYSIS;TRACE
49 | bin\Release\Bit9CarbonBlack.CarbonBlack.Client.XML
50 | true
51 | pdbonly
52 | AnyCPU
53 | true
54 | prompt
55 | MinimumRecommendedRules.ruleset
56 |
57 |
58 | true
59 | bin\Debug-4.5\
60 | CODE_ANALYSIS;DEBUG;TRACE
61 | bin\Debug\Bit9CarbonBlack.CarbonBlack.Client.XML
62 | full
63 | AnyCPU
64 | true
65 | prompt
66 | MinimumRecommendedRules.ruleset
67 |
68 |
69 |
70 | False
71 | ..\..\packages\Newtonsoft.Json.6.0.7\lib\net45\Newtonsoft.Json.dll
72 |
73 |
74 | ..\..\packages\ServiceStack.Text.4.0.35\lib\net40\ServiceStack.Text.dll
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 | Properties\CommonAssemblyInfo.cs
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 | Bit9CarbonBlack.CarbonBlack.Client.snk
102 |
103 |
104 |
105 |
106 |
107 |
108 |
115 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {4E82255E-FF6B-4F12-88E8-456ECE798591}
8 | WinExe
9 | Properties
10 | Bit9CarbonBlack.Example.FileSystemViewer
11 | Bit9CarbonBlack.Example.FileSystemViewer
12 | v4.5
13 | 512
14 | {60dc8134-eba5-43b8-bcc9-bb4bc16c2548};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}
15 | 4
16 |
17 |
18 |
19 | AnyCPU
20 | true
21 | full
22 | false
23 | bin\Debug\
24 | DEBUG;TRACE
25 | prompt
26 | 4
27 | false
28 |
29 |
30 | AnyCPU
31 | pdbonly
32 | true
33 | bin\Release\
34 | TRACE
35 | prompt
36 | 4
37 | false
38 |
39 |
40 |
41 | False
42 | ..\..\packages\Bit9CarbonBlack.CarbonBlack.Client.1.1.5481.26044\lib\net45\Bit9CarbonBlack.CarbonBlack.Client.dll
43 |
44 |
45 | False
46 | ..\..\packages\Newtonsoft.Json.6.0.7\lib\net45\Newtonsoft.Json.dll
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 | 4.0
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 | MSBuild:Compile
66 | Designer
67 |
68 |
69 | MSBuild:Compile
70 | Designer
71 |
72 |
73 | App.xaml
74 | Code
75 |
76 |
77 |
78 | MainWindow.xaml
79 | Code
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 | Code
92 |
93 |
94 | True
95 | True
96 | Resources.resx
97 |
98 |
99 | True
100 | Settings.settings
101 | True
102 |
103 |
104 | ResXFileCodeGenerator
105 | Resources.Designer.cs
106 |
107 |
108 |
109 |
110 | SettingsSingleFileGenerator
111 | Settings.Designer.cs
112 |
113 |
114 |
115 |
116 |
117 |
124 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/Client/CarbonBlack.cs:
--------------------------------------------------------------------------------
1 | using Bit9CarbonBlack.CarbonBlack.Client;
2 | using Bit9CarbonBlack.Example.FileSystemViewer.Model;
3 | using System;
4 | using System.Collections;
5 | using System.Collections.Generic;
6 | using System.Linq;
7 | using System.Threading;
8 | using System.Threading.Tasks;
9 |
10 | namespace Bit9CarbonBlack.Example.FileSystemViewer.Client
11 | {
12 | public class CarbonBlack
13 | {
14 | public string ServerUri { get; set; }
15 |
16 | public string ApiToken { get; set; }
17 |
18 | public async Task> GetHostnames()
19 | {
20 | using (CbClient cbClient = new CbClient(this.ServerUri, this.ApiToken, false))
21 | {
22 | var hostnameResponse = await cbClient.HttpGetAsDynamicAsync("/api/v1/sensor");
23 | if (hostnameResponse.StatusCode == System.Net.HttpStatusCode.OK)
24 | {
25 | var hostnames = ((IEnumerable)hostnameResponse.Response).Cast()
26 | .Select(x => new Hostname() { Name = x.computer_name, SensorId = x.id }).OrderBy(x => x.Name).ToList();
27 | return hostnames;
28 | }
29 | else
30 | {
31 | throw new ApplicationException(String.Format("Could not get list of hostnames - Http Code {0}", hostnameResponse.StatusCode));
32 | }
33 | }
34 | }
35 |
36 | public async Task GetProcessCountForHost(int sensorId)
37 | {
38 | using (CbClient cbClient = new CbClient(this.ServerUri, this.ApiToken, false))
39 | {
40 | var queryForCountResponse = await cbClient.HttpGetAsDynamicAsync(String.Format("/api/v1/process?rows=0&q=sensor_id:{0} and filemod_count:[1 TO *]", sensorId.ToString()));
41 | if (queryForCountResponse.StatusCode == System.Net.HttpStatusCode.OK)
42 | {
43 | return queryForCountResponse.Response.total_results;
44 | }
45 | else
46 | {
47 | throw new ApplicationException(String.Format("Could not get count of processes for sensor id:{0} - HTTP Code {1}", sensorId, queryForCountResponse.StatusCode));
48 | }
49 | }
50 | }
51 |
52 | public async Task GetSensorIdForHost(string hostname)
53 | {
54 | using (CbClient cbClient = new CbClient(this.ServerUri, this.ApiToken, false))
55 | {
56 | var queryForSensorIdResponse = await cbClient.HttpGetAsDynamicAsync(String.Format("/api/v1/sensor?hostname={0}", hostname));
57 | if (queryForSensorIdResponse.StatusCode == System.Net.HttpStatusCode.OK)
58 | {
59 | var sensor = ((IEnumerable)queryForSensorIdResponse.Response).Cast()
60 | .FirstOrDefault();
61 | if (sensor != null)
62 | {
63 | return sensor.id;
64 | }
65 | else
66 | {
67 | return -1;
68 | }
69 | }
70 | else
71 | {
72 | throw new ApplicationException(String.Format("Could not find sensor with hostname: '{0}' - Http Code {1}", hostname, queryForSensorIdResponse.StatusCode));
73 | }
74 | }
75 | }
76 |
77 | public async Task UpdateFilesBatch(ObservableFileSystem fileSystem, int sensorId, int start, int rows, CancellationToken cancelToken = default(CancellationToken))
78 | {
79 | using (CbClient cbClient = new CbClient(this.ServerUri, this.ApiToken, false))
80 | {
81 | var queryForPidsResponse = await cbClient.HttpGetAsDynamicAsync(String.Format("/api/v1/process?start={0}&rows={1}&q=sensor_id:{2} and filemod_count:[1 TO *]&sort=start asc",
82 | start, rows, sensorId));
83 | if (cancelToken.IsCancellationRequested)
84 | {
85 | return -1;
86 | }
87 |
88 | if (queryForPidsResponse.StatusCode != System.Net.HttpStatusCode.OK)
89 | {
90 | throw new ApplicationException(String.Format("Could not get process batch for sensor id:{0}, start:{1}, rows:{2} - HTTP Code {3}",
91 | sensorId, start, rows, queryForPidsResponse.StatusCode));
92 | }
93 | else
94 | {
95 | int resultCount = 0;
96 | foreach (var result in queryForPidsResponse.Response.results)
97 | {
98 | var processId = result.id;
99 | var segmentId = result.segment_id;
100 |
101 | var queryForEventsResponse = await cbClient.HttpGetAsDynamicAsync(String.Format("/api/v1/process/{0}/{1}/event", processId, segmentId));
102 | if (queryForEventsResponse.StatusCode != System.Net.HttpStatusCode.OK)
103 | {
104 | // do something
105 | }
106 | else
107 | {
108 | foreach (string evt in queryForEventsResponse.Response.process.filemod_complete)
109 | {
110 | var evtParts = evt.Split('|');
111 | int type = Convert.ToInt32(evtParts[0]);
112 | fileSystem.AddFileSystemItem(evtParts[2], evtParts[1], type);
113 | }
114 | }
115 | resultCount++;
116 |
117 | if (cancelToken.IsCancellationRequested)
118 | {
119 | return resultCount;
120 | }
121 | }
122 |
123 | return resultCount;
124 | }
125 | }
126 | }
127 |
128 | }
129 | }
130 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Debug
5 | AnyCPU
6 | {C871BF8F-3616-41B4-8B3A-A31A61410597}
7 | Library
8 | Properties
9 | Bit9CarbonBlack.CarbonBlack.Client
10 | Bit9CarbonBlack.CarbonBlack.Client.Tests
11 | v4.5
12 | 512
13 | {3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}
14 | 10.0
15 | $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)
16 | $(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages
17 | False
18 | UnitTest
19 | 945bb5f0
20 |
21 |
22 |
23 | true
24 | full
25 | false
26 | bin\Debug\
27 | DEBUG;TRACE
28 | prompt
29 | 4
30 | false
31 |
32 |
33 | pdbonly
34 | true
35 | bin\Release\
36 | TRACE
37 | prompt
38 | 4
39 | false
40 |
41 |
42 | true
43 |
44 |
45 | ..\..\Bit9CarbonBlack.CarbonBlack.Client.snk
46 |
47 |
48 | bin\Release-4.5\
49 | TRACE
50 | true
51 | pdbonly
52 | AnyCPU
53 | prompt
54 | MinimumRecommendedRules.ruleset
55 |
56 |
57 | true
58 | bin\Debug-4.5\
59 | DEBUG;TRACE
60 | full
61 | AnyCPU
62 | prompt
63 | MinimumRecommendedRules.ruleset
64 |
65 |
66 |
67 | ..\..\..\packages\RhinoMocks.3.6.1\lib\net\Rhino.Mocks.dll
68 |
69 |
70 | ..\..\..\packages\VisualStudioTestingExtensions.1.2.0.0\lib\net40\SoftwareApproach.TestingExtensions.dll
71 |
72 |
73 |
74 | 3.5
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 | Properties\CommonAssemblyInfo.cs
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 | Bit9CarbonBlack.CarbonBlack.Client.snk
103 |
104 |
105 |
106 |
107 |
108 |
109 | {69e3504c-7647-4696-a31d-f8e2a2a8ca61}
110 | Bit9CarbonBlack.CarbonBlack.Client
111 |
112 |
113 |
114 |
115 |
116 |
117 | False
118 |
119 |
120 | False
121 |
122 |
123 | False
124 |
125 |
126 | False
127 |
128 |
129 |
130 |
131 |
132 |
133 |
140 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/MainWindow.g.cs:
--------------------------------------------------------------------------------
1 | #pragma checksum "..\..\MainWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "264B203C6D452BD514BE46081968DC03"
2 | //------------------------------------------------------------------------------
3 | //
4 | // This code was generated by a tool.
5 | // Runtime Version:4.0.30319.34014
6 | //
7 | // Changes to this file may cause incorrect behavior and will be lost if
8 | // the code is regenerated.
9 | //
10 | //------------------------------------------------------------------------------
11 |
12 | using Bit9CarbonBlack.Example.FileSystemViewer.Model;
13 | using System;
14 | using System.Diagnostics;
15 | using System.Windows;
16 | using System.Windows.Automation;
17 | using System.Windows.Controls;
18 | using System.Windows.Controls.Primitives;
19 | using System.Windows.Data;
20 | using System.Windows.Documents;
21 | using System.Windows.Ink;
22 | using System.Windows.Input;
23 | using System.Windows.Markup;
24 | using System.Windows.Media;
25 | using System.Windows.Media.Animation;
26 | using System.Windows.Media.Effects;
27 | using System.Windows.Media.Imaging;
28 | using System.Windows.Media.Media3D;
29 | using System.Windows.Media.TextFormatting;
30 | using System.Windows.Navigation;
31 | using System.Windows.Shapes;
32 | using System.Windows.Shell;
33 |
34 |
35 | namespace Bit9CarbonBlack.Example.FileSystemViewer {
36 |
37 |
38 | ///
39 | /// MainWindow
40 | ///
41 | public partial class MainWindow : System.Windows.Window, System.Windows.Markup.IComponentConnector {
42 |
43 |
44 | #line 6 "..\..\MainWindow.xaml"
45 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
46 | internal System.Windows.Controls.StackPanel LayoutRoot;
47 |
48 | #line default
49 | #line hidden
50 |
51 |
52 | #line 21 "..\..\MainWindow.xaml"
53 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
54 | internal System.Windows.Controls.TextBox serverUriText;
55 |
56 | #line default
57 | #line hidden
58 |
59 |
60 | #line 22 "..\..\MainWindow.xaml"
61 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
62 | internal System.Windows.Controls.TextBox apiTokenText;
63 |
64 | #line default
65 | #line hidden
66 |
67 |
68 | #line 23 "..\..\MainWindow.xaml"
69 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
70 | internal System.Windows.Controls.TextBox sensorHostnameText;
71 |
72 | #line default
73 | #line hidden
74 |
75 |
76 | #line 25 "..\..\MainWindow.xaml"
77 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
78 | internal System.Windows.Controls.Button loadButton;
79 |
80 | #line default
81 | #line hidden
82 |
83 |
84 | #line 26 "..\..\MainWindow.xaml"
85 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
86 | internal System.Windows.Controls.Button stopButton;
87 |
88 | #line default
89 | #line hidden
90 |
91 |
92 | #line 27 "..\..\MainWindow.xaml"
93 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
94 | internal System.Windows.Controls.Button clearButton;
95 |
96 | #line default
97 | #line hidden
98 |
99 |
100 | #line 34 "..\..\MainWindow.xaml"
101 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
102 | internal System.Windows.Controls.TreeView myTreeView;
103 |
104 | #line default
105 | #line hidden
106 |
107 | private bool _contentLoaded;
108 |
109 | ///
110 | /// InitializeComponent
111 | ///
112 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
113 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
114 | public void InitializeComponent() {
115 | if (_contentLoaded) {
116 | return;
117 | }
118 | _contentLoaded = true;
119 | System.Uri resourceLocater = new System.Uri("/Bit9CarbonBlack.Example.FileSystemViewer;component/mainwindow.xaml", System.UriKind.Relative);
120 |
121 | #line 1 "..\..\MainWindow.xaml"
122 | System.Windows.Application.LoadComponent(this, resourceLocater);
123 |
124 | #line default
125 | #line hidden
126 | }
127 |
128 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
129 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
130 | [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
131 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Design", "CA1033:InterfaceMethodsShouldBeCallableByChildTypes")]
132 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity")]
133 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1800:DoNotCastUnnecessarily")]
134 | void System.Windows.Markup.IComponentConnector.Connect(int connectionId, object target) {
135 | switch (connectionId)
136 | {
137 | case 1:
138 | this.LayoutRoot = ((System.Windows.Controls.StackPanel)(target));
139 | return;
140 | case 2:
141 | this.serverUriText = ((System.Windows.Controls.TextBox)(target));
142 | return;
143 | case 3:
144 | this.apiTokenText = ((System.Windows.Controls.TextBox)(target));
145 | return;
146 | case 4:
147 | this.sensorHostnameText = ((System.Windows.Controls.TextBox)(target));
148 | return;
149 | case 5:
150 | this.loadButton = ((System.Windows.Controls.Button)(target));
151 |
152 | #line 25 "..\..\MainWindow.xaml"
153 | this.loadButton.Click += new System.Windows.RoutedEventHandler(this.Button_Click);
154 |
155 | #line default
156 | #line hidden
157 | return;
158 | case 6:
159 | this.stopButton = ((System.Windows.Controls.Button)(target));
160 |
161 | #line 26 "..\..\MainWindow.xaml"
162 | this.stopButton.Click += new System.Windows.RoutedEventHandler(this.StopButton_Click);
163 |
164 | #line default
165 | #line hidden
166 | return;
167 | case 7:
168 | this.clearButton = ((System.Windows.Controls.Button)(target));
169 |
170 | #line 27 "..\..\MainWindow.xaml"
171 | this.clearButton.Click += new System.Windows.RoutedEventHandler(this.ClearButton_Click);
172 |
173 | #line default
174 | #line hidden
175 | return;
176 | case 8:
177 | this.myTreeView = ((System.Windows.Controls.TreeView)(target));
178 | return;
179 | }
180 | this._contentLoaded = true;
181 | }
182 | }
183 | }
184 |
185 |
--------------------------------------------------------------------------------
/client_apis/csharp/example/Bit9CarbonBlack.Example.FileSystemViewer/Bit9CarbonBlack.Example.FileSystemViewer/obj/Debug/MainWindow.g.i.cs:
--------------------------------------------------------------------------------
1 | #pragma checksum "..\..\MainWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "264B203C6D452BD514BE46081968DC03"
2 | //------------------------------------------------------------------------------
3 | //
4 | // This code was generated by a tool.
5 | // Runtime Version:4.0.30319.34014
6 | //
7 | // Changes to this file may cause incorrect behavior and will be lost if
8 | // the code is regenerated.
9 | //
10 | //------------------------------------------------------------------------------
11 |
12 | using Bit9CarbonBlack.Example.FileSystemViewer.Model;
13 | using System;
14 | using System.Diagnostics;
15 | using System.Windows;
16 | using System.Windows.Automation;
17 | using System.Windows.Controls;
18 | using System.Windows.Controls.Primitives;
19 | using System.Windows.Data;
20 | using System.Windows.Documents;
21 | using System.Windows.Ink;
22 | using System.Windows.Input;
23 | using System.Windows.Markup;
24 | using System.Windows.Media;
25 | using System.Windows.Media.Animation;
26 | using System.Windows.Media.Effects;
27 | using System.Windows.Media.Imaging;
28 | using System.Windows.Media.Media3D;
29 | using System.Windows.Media.TextFormatting;
30 | using System.Windows.Navigation;
31 | using System.Windows.Shapes;
32 | using System.Windows.Shell;
33 |
34 |
35 | namespace Bit9CarbonBlack.Example.FileSystemViewer {
36 |
37 |
38 | ///
39 | /// MainWindow
40 | ///
41 | public partial class MainWindow : System.Windows.Window, System.Windows.Markup.IComponentConnector {
42 |
43 |
44 | #line 6 "..\..\MainWindow.xaml"
45 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
46 | internal System.Windows.Controls.StackPanel LayoutRoot;
47 |
48 | #line default
49 | #line hidden
50 |
51 |
52 | #line 21 "..\..\MainWindow.xaml"
53 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
54 | internal System.Windows.Controls.TextBox serverUriText;
55 |
56 | #line default
57 | #line hidden
58 |
59 |
60 | #line 22 "..\..\MainWindow.xaml"
61 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
62 | internal System.Windows.Controls.TextBox apiTokenText;
63 |
64 | #line default
65 | #line hidden
66 |
67 |
68 | #line 23 "..\..\MainWindow.xaml"
69 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
70 | internal System.Windows.Controls.TextBox sensorHostnameText;
71 |
72 | #line default
73 | #line hidden
74 |
75 |
76 | #line 25 "..\..\MainWindow.xaml"
77 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
78 | internal System.Windows.Controls.Button loadButton;
79 |
80 | #line default
81 | #line hidden
82 |
83 |
84 | #line 26 "..\..\MainWindow.xaml"
85 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
86 | internal System.Windows.Controls.Button stopButton;
87 |
88 | #line default
89 | #line hidden
90 |
91 |
92 | #line 27 "..\..\MainWindow.xaml"
93 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
94 | internal System.Windows.Controls.Button clearButton;
95 |
96 | #line default
97 | #line hidden
98 |
99 |
100 | #line 34 "..\..\MainWindow.xaml"
101 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields")]
102 | internal System.Windows.Controls.TreeView myTreeView;
103 |
104 | #line default
105 | #line hidden
106 |
107 | private bool _contentLoaded;
108 |
109 | ///
110 | /// InitializeComponent
111 | ///
112 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
113 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
114 | public void InitializeComponent() {
115 | if (_contentLoaded) {
116 | return;
117 | }
118 | _contentLoaded = true;
119 | System.Uri resourceLocater = new System.Uri("/Bit9CarbonBlack.Example.FileSystemViewer;component/mainwindow.xaml", System.UriKind.Relative);
120 |
121 | #line 1 "..\..\MainWindow.xaml"
122 | System.Windows.Application.LoadComponent(this, resourceLocater);
123 |
124 | #line default
125 | #line hidden
126 | }
127 |
128 | [System.Diagnostics.DebuggerNonUserCodeAttribute()]
129 | [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")]
130 | [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
131 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Design", "CA1033:InterfaceMethodsShouldBeCallableByChildTypes")]
132 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity")]
133 | [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1800:DoNotCastUnnecessarily")]
134 | void System.Windows.Markup.IComponentConnector.Connect(int connectionId, object target) {
135 | switch (connectionId)
136 | {
137 | case 1:
138 | this.LayoutRoot = ((System.Windows.Controls.StackPanel)(target));
139 | return;
140 | case 2:
141 | this.serverUriText = ((System.Windows.Controls.TextBox)(target));
142 | return;
143 | case 3:
144 | this.apiTokenText = ((System.Windows.Controls.TextBox)(target));
145 | return;
146 | case 4:
147 | this.sensorHostnameText = ((System.Windows.Controls.TextBox)(target));
148 | return;
149 | case 5:
150 | this.loadButton = ((System.Windows.Controls.Button)(target));
151 |
152 | #line 25 "..\..\MainWindow.xaml"
153 | this.loadButton.Click += new System.Windows.RoutedEventHandler(this.Button_Click);
154 |
155 | #line default
156 | #line hidden
157 | return;
158 | case 6:
159 | this.stopButton = ((System.Windows.Controls.Button)(target));
160 |
161 | #line 26 "..\..\MainWindow.xaml"
162 | this.stopButton.Click += new System.Windows.RoutedEventHandler(this.StopButton_Click);
163 |
164 | #line default
165 | #line hidden
166 | return;
167 | case 7:
168 | this.clearButton = ((System.Windows.Controls.Button)(target));
169 |
170 | #line 27 "..\..\MainWindow.xaml"
171 | this.clearButton.Click += new System.Windows.RoutedEventHandler(this.ClearButton_Click);
172 |
173 | #line default
174 | #line hidden
175 | return;
176 | case 8:
177 | this.myTreeView = ((System.Windows.Controls.TreeView)(target));
178 | return;
179 | }
180 | this._contentLoaded = true;
181 | }
182 | }
183 | }
184 |
185 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Tests/Bit9CarbonBlack.CarbonBlack.Client.Tests/CbClientTest.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.VisualStudio.TestTools.UnitTesting;
2 | using Rhino.Mocks;
3 | using SoftwareApproach.TestingExtensions;
4 | using System;
5 | using System.Linq;
6 | using System.Net;
7 | using System.Net.Http;
8 | using System.Net.Security;
9 | using System.Reflection;
10 | using System.Threading.Tasks;
11 |
12 | namespace Bit9CarbonBlack.CarbonBlack.Client
13 | {
14 | [TestClass]
15 | public class UnitTest1
16 | {
17 | [TestMethod]
18 | public void Constructors_should_throw_exception_if_serverUri_is_invalid_string()
19 | {
20 | Testing.ShouldThrowException(() => new CbClient(serverUri: null, token: "token", sslVerify: false));
21 | Testing.ShouldThrowException(() => new CbClient(serverUri: String.Empty, token: "token", sslVerify: false));
22 | Testing.ShouldThrowException(() => new CbClient(serverUri: " ", token: "token", sslVerify: false));
23 |
24 | var messageHandler = MockRepository.GenerateMock();
25 | Testing.ShouldThrowException(() => new CbClient(serverUri: null, token: "token", httpClientMessageHandler: messageHandler));
26 | Testing.ShouldThrowException(() => new CbClient(serverUri: String.Empty, token: "token", httpClientMessageHandler: messageHandler));
27 | Testing.ShouldThrowException(() => new CbClient(serverUri: " ", token: "token", httpClientMessageHandler: messageHandler));
28 |
29 | var httpClient = MockRepository.GenerateMock();
30 | Testing.ShouldThrowException(() => new CbClient(serverUri: null, token: "token", httpClient: httpClient));
31 | Testing.ShouldThrowException(() => new CbClient(serverUri: String.Empty, token: "token", httpClient: httpClient));
32 | Testing.ShouldThrowException(() => new CbClient(serverUri: " ", token: "token", httpClient: httpClient));
33 | }
34 |
35 | [TestMethod]
36 | public void Constructors_should_throw_exception_if_token_is_invalid_string()
37 | {
38 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: null, sslVerify: false));
39 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: String.Empty, sslVerify: false));
40 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: " ", sslVerify: false));
41 |
42 | var messageHandler = MockRepository.GenerateMock();
43 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: null, httpClientMessageHandler: messageHandler));
44 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: String.Empty, httpClientMessageHandler: messageHandler));
45 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: " ", httpClientMessageHandler: messageHandler));
46 |
47 | var httpClient = MockRepository.GenerateMock();
48 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: null, httpClient: httpClient));
49 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: String.Empty, httpClient: httpClient));
50 | Testing.ShouldThrowException(() => new CbClient(serverUri: "http://serverUri", token: " ", httpClient: httpClient));
51 | }
52 |
53 | [TestMethod]
54 | public void Constructors_should_throw_exception_if_serverUri_is_not_an_absolute_uri()
55 | {
56 | Testing.ShouldThrowException(() => new CbClient(serverUri: "serverUri", token: null, sslVerify: false));
57 |
58 | var messageHandler = MockRepository.GenerateMock();
59 | Testing.ShouldThrowException(() => new CbClient(serverUri: "serverUri", token: null, httpClientMessageHandler: messageHandler));
60 |
61 | var httpClient = MockRepository.GenerateMock();
62 | Testing.ShouldThrowException(() => new CbClient(serverUri: "serverUri", token: null, httpClient: httpClient));
63 | }
64 |
65 | [TestMethod]
66 | public void Constructor1_should_initialize_http_client_properties()
67 | {
68 | string serverUri = "http://serveruri";
69 | string token = "token";
70 |
71 | var client = new CbClient(serverUri: serverUri, token: token, sslVerify: true);
72 |
73 | client.Token.ShouldEqual(token);
74 | client.ServerUri.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
75 | client.HttpClient.ShouldNotBeNull();
76 | client.HttpClient.BaseAddress.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
77 | client.HttpClient.DefaultRequestHeaders.Where(x => x.Key == "X-Auth-Token" && x.Value.Contains(token)).ShouldHaveCountOf(1);
78 | client.HttpClient.DefaultRequestHeaders.Accept.ShouldHaveCountOf(1);
79 | client.HttpClient.DefaultRequestHeaders.Accept.First().MediaType.ShouldEqualIgnoringCase("application/json");
80 | }
81 |
82 | [TestMethod]
83 | public void Constructor2_should_initialize_http_client_properties()
84 | {
85 | string serverUri = "http://serveruri";
86 | string token = "token";
87 | var messageHandler = MockRepository.GenerateMock();
88 |
89 | var client = new CbClient(serverUri: serverUri, token: token, httpClientMessageHandler: messageHandler);
90 |
91 | client.Token.ShouldEqual(token);
92 | client.ServerUri.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
93 | client.HttpClient.ShouldNotBeNull();
94 | client.HttpClient.BaseAddress.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
95 | client.HttpClient.DefaultRequestHeaders.Where(x => x.Key == "X-Auth-Token" && x.Value.Contains(token)).ShouldHaveCountOf(1);
96 | client.HttpClient.DefaultRequestHeaders.Accept.ShouldHaveCountOf(1);
97 | client.HttpClient.DefaultRequestHeaders.Accept.First().MediaType.ShouldEqualIgnoringCase("application/json");
98 | }
99 |
100 | [TestMethod]
101 | public void Constructor3_should_initialize_http_client_properties()
102 | {
103 | string serverUri = "http://serveruri";
104 | string token = "token";
105 | var httpClient = MockRepository.GenerateMock();
106 |
107 | var client = new CbClient(serverUri: serverUri, token: token, httpClient: httpClient);
108 |
109 | client.Token.ShouldEqual(token);
110 | client.ServerUri.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
111 | client.HttpClient.ShouldNotBeNull();
112 | client.HttpClient.BaseAddress.ShouldEqual(new Uri(serverUri, UriKind.Absolute));
113 | client.HttpClient.DefaultRequestHeaders.Where(x => x.Key == "X-Auth-Token" && x.Value.Contains(token)).ShouldHaveCountOf(1);
114 | client.HttpClient.DefaultRequestHeaders.Accept.ShouldHaveCountOf(1);
115 | client.HttpClient.DefaultRequestHeaders.Accept.First().MediaType.ShouldEqualIgnoringCase("application/json");
116 | }
117 |
118 | [TestMethod]
119 | public void Constructor3_should_use_http_client_from_argument()
120 | {
121 | string serverUri = "http://serveruri";
122 | string token = "token";
123 | var httpClient = MockRepository.GenerateMock();
124 |
125 | var client = new CbClient(serverUri: serverUri, token: token, httpClient: httpClient);
126 |
127 | client.HttpClient.ShouldNotBeNull();
128 | client.HttpClient.ShouldBeSameAs(httpClient);
129 | }
130 |
131 | [TestMethod]
132 | public void Constructor3_should_throw_exception_if_httpClient_is_null()
133 | {
134 | string serverUri = "http://serveruri";
135 | string token = "token";
136 | HttpClient httpClient = null;
137 |
138 | Testing.ShouldThrowException(() => new CbClient(serverUri: serverUri, token: token, httpClient: httpClient));
139 | }
140 |
141 | [TestMethod]
142 | public void Constructor2_should_use_httpClientMessageHandler_if_passed()
143 | {
144 | string serverUri = "http://serveruri";
145 | string token = "token";
146 | var httpMessageHandler = MockRepository.GenerateMock();
147 |
148 | var client = new CbClient(serverUri: serverUri, token: token, httpClientMessageHandler: httpMessageHandler);
149 |
150 | client.HttpClient.ShouldNotBeNull();
151 | this.GetHandlerFromHttpClient(client.HttpClient).ShouldBeSameAs(httpMessageHandler);
152 | }
153 |
154 | [TestMethod]
155 | public void Constructor1_should_use_default_handler_if_sslVerify_is_true()
156 | {
157 | string serverUri = "http://serveruri";
158 | string token = "token";
159 |
160 | var client = new CbClient(serverUri: serverUri, token: token, sslVerify: true);
161 |
162 | client.HttpClient.ShouldNotBeNull();
163 | this.GetHandlerFromHttpClient(client.HttpClient).ShouldBeOfType(typeof(HttpClientHandler));
164 | }
165 |
166 | [TestMethod]
167 | public void Constructor1_should_use_no_ssl_handler_if_sslVerify_is_false_and_should_return_true_for_server_certificate_validation()
168 | {
169 | string serverUri = "http://serveruri";
170 | string token = "token";
171 |
172 | var client = new CbClient(serverUri: serverUri, token: token, sslVerify: false);
173 |
174 | client.HttpClient.ShouldNotBeNull();
175 | var handler = this.GetHandlerFromHttpClient(client.HttpClient) as WebRequestHandler;
176 | handler.ShouldNotBeNull();
177 | handler.ServerCertificateValidationCallback.ShouldNotBeNull();
178 | handler.ServerCertificateValidationCallback(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch).ShouldBeTrue();
179 | }
180 |
181 | private HttpMessageHandler GetHandlerFromHttpClient(HttpClient httpClient)
182 | {
183 | return httpClient.GetType().BaseType.GetField("handler", BindingFlags.Instance | BindingFlags.NonPublic).GetValue(httpClient) as HttpMessageHandler;
184 | }
185 | }
186 | }
187 |
--------------------------------------------------------------------------------
/client_apis/csharp/src/Bit9CarbonBlack.CarbonBlack.Client/ICbClient.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.IO;
4 | using System.Threading.Tasks;
5 | namespace Bit9CarbonBlack.CarbonBlack.Client
6 | {
7 | ///
8 | /// An interface definition for a CarbonBlack API Client.
9 | ///
10 | public interface ICbClient : IDisposable
11 | {
12 | ///
13 | /// Gets the CarbonBlack server URI that is being used by this instance.
14 | ///
15 | Uri ServerUri { get; }
16 |
17 | ///
18 | /// Gets the CarbonBlack user API token that is being used by this instance.
19 | ///
20 | string Token { get; }
21 |
22 | ///
23 | /// Sends a DELETE request for the specified path.
24 | ///
25 | /// The path to the api.
26 | /// A that contains the response information.
27 | /// relativePath is not a valid relative URI.
28 | CbClientResult HttpDelete(string relativePath);
29 |
30 | ///
31 | /// Sends a DELETE request for the specified path, as an asynchronous operation.
32 | ///
33 | /// The path to the api.
34 | /// A task object representing the asynchronous operation.
35 | /// relativePath is not a valid relative URI.
36 | Task> HttpDeleteAsync(string relativePath);
37 |
38 | ///
39 | /// Sends a GET request for the specified path to retrieve a representation of the content.
40 | ///
41 | /// The path to the api.
42 | /// An that contains the response information.
43 | /// relativePath is not a valid relative URI.
44 | CbClientResult> HttpGetAsDictionary(string relativePath);
45 |
46 | ///
47 | /// Sends a GET request for the specified path to retrieve an representation of the content, as an asynchronous operation.
48 | ///
49 | /// The path to the api.
50 | /// A task object representing the asynchronous operation.
51 | /// relativePath is not a valid relative URI.
52 | Task>> HttpGetAsDictionaryAsync(string relativePath);
53 |
54 | ///
55 | /// Sends a GET request for the specified path to retrieve a dynamic representation of the content.
56 | ///
57 | /// The path to the api.
58 | /// A that contains the response information.
59 | /// relativePath is not a valid relative URI.
60 | CbClientResult HttpGetAsDynamic(string relativePath);
61 |
62 | ///
63 | /// Sends a GET request for the specified path to retrieve a dynamic representation of the content, as an asynchronous operation.
64 | ///
65 | /// The path to the api.
66 | /// A task object representing the asynchronous operation.
67 | /// relativePath is not a valid relative URI.
68 | Task> HttpGetAsDynamicAsync(string relativePath);
69 |
70 | ///
71 | /// Sends a GET request for the specified path to retrieve a representation of the content.
72 | ///
73 | /// The path to the api.
74 | /// A that contains the response information.
75 | /// relativePath is not a valid relative URI.
76 | CbClientResult HttpGetAsStream(string relativePath);
77 |
78 | ///
79 | /// Sends a GET request for the specified path to retrieve a representation of the content, as an asynchronous operation.
80 | ///
81 | /// The path to the api.
82 | /// A task object representing the asynchronous operation.
83 | /// relativePath is not a valid relative URI.
84 | Task> HttpGetAsStreamAsync(string relativePath);
85 |
86 | ///
87 | /// Sends a GET request for the specified path to retrieve a representation of the content.
88 | ///
89 | /// The path to the api.
90 | /// A that contains the response information.
91 | /// relativePath is not a valid relative URI.
92 | CbClientResult HttpGetAsString(string relativePath);
93 |
94 | ///
95 | /// Sends a GET request for the specified path to retrieve a representation of the content, as an asynchronous operation.
96 | ///
97 | /// The path to the api.
98 | /// A task object representing the asynchronous operation.
99 | /// relativePath is not a valid relative URI.
100 | Task> HttpGetAsStringAsync(string relativePath);
101 |
102 | ///
103 | /// Sends a POST request for the specified path to post content.
104 | ///
105 | /// The path to the api.
106 | /// The data to send.
107 | /// A that contains the response information.
108 | /// relativePath is not a valid relative URI.
109 | CbClientResult HttpPostDictionary(string relativePath, IDictionary data);
110 |
111 | ///
112 | /// Sends a POST request for the specified path to post content, as an asynchronous operation.
113 | ///
114 | /// The path to the api.
115 | /// The data to send.
116 | /// A task object representing the asynchronous operation.
117 | /// relativePath is not a valid relative URI.
118 | Task> HttpPostDictionaryAsync(string relativePath, IDictionary data);
119 |
120 | ///
121 | /// Sends a POST request for the specified path to post dynamic content.
122 | ///
123 | /// The path to the api.
124 | /// The data to send.
125 | /// A that contains the response information.
126 | /// relativePath is not a valid relative URI.
127 | CbClientResult HttpPostDynamic(string relativePath, dynamic data);
128 |
129 | ///
130 | /// Sends a POST request for the specified path to post dynamic content, as an asynchronous operation.
131 | ///
132 | /// The path to the api.
133 | /// The data to send.
134 | /// A task object representing the asynchronous operation.
135 | /// relativePath is not a valid relative URI.
136 | Task> HttpPostDynamicAsync(string relativePath, dynamic data);
137 |
138 | ///
139 | /// Sends a PUT request for the specified path to put content.
140 | ///
141 | /// The path to the api.
142 | /// The data to send.
143 | /// A that contains the response information.
144 | /// relativePath is not a valid relative URI.
145 | CbClientResult HttpPutDictionary(string relativePath, IDictionary data);
146 |
147 | ///
148 | /// Sends a PUT request for the specified path to put content, as an asynchronous operation.
149 | ///
150 | /// The path to the api.
151 | /// The data to send.
152 | /// A task object representing the asynchronous operation.
153 | /// relativePath is not a valid relative URI.
154 | Task> HttpPutDictionaryAsync(string relativePath, IDictionary data);
155 |
156 | ///
157 | /// Sends a PUT request for the specified path to put dynamic content.
158 | ///
159 | /// The path to the api.
160 | /// The data to send.
161 | /// A that contains the response information.
162 | /// relativePath is not a valid relative URI.
163 | CbClientResult HttpPutDynamic(string relativePath, dynamic data);
164 |
165 | ///
166 | /// Sends a PUT request for the specified path to put content, as an asynchronous operation.
167 | ///
168 | /// The path to the api.
169 | /// The data to send.
170 | /// A task object representing the asynchronous operation.
171 | /// relativePath is not a valid relative URI.
172 | Task> HttpPutDynamicAsync(string relativePath, dynamic data);
173 | }
174 | }
175 |
--------------------------------------------------------------------------------
/server_apis/python/example/bulk/lib/eventHelpers.py:
--------------------------------------------------------------------------------
1 |
2 | import uuid
3 | import socket
4 | import struct
5 | import time
6 | import json
7 | import eventsv2_pb2 as cbevents
8 |
9 | # number of milliseconds between Jan 1st 1601 and Jan 1st 1970
10 | time_shift = 11644473600000
11 |
12 | def windows_time_to_unix_time(windows_time):
13 | if windows_time == 0 :
14 | return windows_time
15 | windows_time /= 10000 # ns to ms
16 | windows_time -= time_shift # since 1601 to since 1970
17 | windows_time /= 1000
18 | return windows_time
19 |
20 | def filemod_action_to_str(action):
21 | if action == cbevents.CbFileModMsg.actionFileModCreate:
22 | return "create" # action must always be lower case
23 | if action == cbevents.CbFileModMsg.actionFileModWrite:
24 | return "write" # action must always be lower case
25 | if action == cbevents.CbFileModMsg.actionFileModDelete:
26 | return "delete" # action must always be lower case
27 | if action == cbevents.CbFileModMsg.actionFileModLastWrite:
28 | return "lastwrite" # action must always be lower case
29 | return "unknown" # action must always be lower case
30 |
31 | def regmod_action_to_str(action):
32 | if action == cbevents.CbRegModMsg.actionRegModCreateKey:
33 | return "createkey" # action must always be lower case
34 | if action == cbevents.CbRegModMsg.actionRegModWriteValue:
35 | return "writeval" # action must always be lower case
36 | if action == cbevents.CbRegModMsg.actionRegModDeleteKey:
37 | return "delkey" # action must always be lower case
38 | if action == cbevents.CbRegModMsg.actionRegModDeleteValue:
39 | return "delval" # action must always be lower case
40 | return "unknown" # action must always be lower case
41 |
42 | def convert_protobuf_to_cb_type(msg, sensorid):
43 | if msg.HasField('process'):
44 | return CbProcessEvent(msg.process, msg.header, msg.strings, sensorid)
45 |
46 | if msg.HasField('modload'):
47 | return CbModuleLoadEvent(msg.modload, msg.header, msg.strings, sensorid)
48 |
49 | if msg.HasField('filemod'):
50 | return CbFileModEvent(msg.filemod, msg.header, msg.strings, sensorid)
51 |
52 | if msg.HasField('regmod'):
53 | return CbRegModEvent(msg.regmod, msg.header, msg.strings, sensorid)
54 |
55 | if msg.HasField('network'):
56 | return CbNetConnEvent(msg.network, msg.header, msg.strings, sensorid)
57 |
58 | if msg.HasField('vtwrite'):
59 | return CbVtWriteEvent(msg.vtwrite, msg.header, msg.strings, sensorid)
60 |
61 | if msg.HasField('module'):
62 | return CbModInfoEvent(msg.module, msg.header, msg.strings, sensorid)
63 |
64 | if msg.HasField('childproc'):
65 | return CbChildProcEvent(msg.childproc, msg.header, msg.strings, sensorid)
66 |
67 | raise Exception("unknown type of message: '%s'" % str(msg))
68 |
69 | def protobuf_to_obj_and_host(serialized_pb_event):
70 | '''
71 | converts a serialized protobuff from the event bus.
72 |
73 | These are different because the have host info embedded
74 | as part of the CbEnvironmentMsg (which doesn't exist in the files)
75 |
76 | returns the cb_type object and the host info (as a tuple)
77 |
78 | (sensor_id, cb_object)
79 | '''
80 | msg = cbevents.CbEventMsg()
81 | msg.ParseFromString(serialized_pb_event)
82 |
83 | sensor_id = None
84 |
85 | if (msg.HasField('env')):
86 | sensor_id = msg.env.endpoint.SensorId
87 |
88 | cb_type = convert_protobuf_to_cb_type(msg, sensor_id)
89 |
90 | return (sensor_id, cb_type.to_obj())
91 |
92 | def protobuf_to_obj(serialized_protobuf_event, sensor_id):
93 | """
94 | converts a serialized protobuf CB event to a
95 | native python dictionary
96 | """
97 | msg = cbevents.CbEventMsg()
98 | msg.ParseFromString(serialized_protobuf_event)
99 | cb_type = convert_protobuf_to_cb_type(msg, sensor_id)
100 | return cb_type.to_obj()
101 |
102 | class CbBaseEvent(object):
103 | def __init__(self, msg, msg_type, msg_header, filepaths, sensorid, sensorevent=True):
104 | self.msg = msg
105 | self.msg_type = msg_type
106 | self.filepaths = filepaths
107 |
108 | self.version = msg_header.version
109 | self.event_timestamp = msg_header.timestamp
110 | self.process_guid = msg_header.process_guid
111 | self.filepath_string_guid = msg_header.filepath_string_guid
112 |
113 | self.sensorid = sensorid
114 | if sensorevent:
115 | self._fixup_guid(msg_header)
116 |
117 | def _make_guid(self, sensorid, pid, createtime):
118 | pid = int(pid)
119 | # new style guid
120 | high = (sensorid & 0xffffffff) << 32
121 | high = high | (pid & 0xffffffff)
122 | low = int(createtime)
123 | b = struct.pack(">QQ", high, low)
124 | return str(uuid.UUID(bytes=b))
125 |
126 | def _fixup_guid(self, header):
127 |
128 | if header.HasField('process_pid') and header.HasField('process_create_time'):
129 | pid = int(header.process_pid)
130 | self.process_guid = self._make_guid(self.sensorid, pid, header.process_create_time)
131 |
132 | def _lookup_filepath(self, target):
133 | for filepath in self.filepaths:
134 | if filepath.guid == target :
135 | return filepath.utf8string
136 | return str(target)
137 |
138 | def to_obj(self):
139 | raise NotImplementedError("'to_obj' must be implemented by subclass!")
140 |
141 | class CbProcessEvent(CbBaseEvent):
142 | def __init__(self, msg, msg_header, filepaths, sensorid):
143 | CbBaseEvent.__init__(self, msg, "PROCESS", msg_header, filepaths, sensorid)
144 | self.timestamp = self.event_timestamp
145 | self.guid = self.process_guid
146 | self.filepath = self._lookup_filepath(self.filepath_string_guid)
147 | self.pid = self.msg.pid
148 | self.created = self.msg.created
149 | # TODO: ADD process_create_time
150 | self.parent_pid = self.msg.parent_pid
151 | self.parent_create_time = self.msg.parent_create_time
152 | self.parent_guid = self._make_guid(self.sensorid, self.parent_pid, self.parent_create_time)
153 | self.md5hash = self.msg.md5hash
154 | self.have_seen_before = self.msg.have_seen_before
155 | self.commandline = self.msg.commandline
156 | self.parent_md5hash = self.msg.parent_md5
157 | self.parent_path = self.msg.parent_path
158 | self.creationobserved = self.msg.creationobserved
159 | self.username = None
160 | if msg.HasField('username'):
161 | self.username = self.msg.username
162 |
163 | def to_obj(self):
164 |
165 | dict = {}
166 |
167 | dict['type'] = 'proc'
168 | dict['timestamp'] = windows_time_to_unix_time(self.timestamp)
169 | dict['process_guid'] = self.process_guid
170 | dict['parent_process_guid'] = self.parent_guid
171 |
172 | dict['path'] = self.filepath
173 | dict['pid'] = self.pid
174 | dict['md5'] = self.md5hash.encode("hex").upper()
175 | dict['command_line'] = self.commandline
176 | dict['sensor_id'] = self.sensorid
177 | if (self.username is not None):
178 | dict['username'] = self.username
179 |
180 | return dict
181 |
182 | class CbChildProcEvent(CbBaseEvent):
183 | def __init__(self, msg, msg_header, filepaths, sensorid):
184 | CbBaseEvent.__init__(self, msg, "CHILDPROC", msg_header, filepaths, sensorid)
185 | self.timestamp = self.event_timestamp
186 | self.created = self.msg.created
187 | self.parent_guid = self.msg.parent_guid
188 | self.process_guid = self.msg.parent_guid # system is fragile. NEEDS process_guid
189 | self.md5hash = self.msg.md5hash
190 | self.child_guid = self.msg.child_guid
191 | self.path = self.msg.path
192 | self.pid = self.msg.pid
193 |
194 | if msg.HasField('create_time'):
195 | self.child_guid = self._make_guid(self.sensorid, self.pid, msg.create_time)
196 |
197 | def to_obj(self):
198 | dict = {}
199 |
200 | dict['type'] = 'childproc'
201 | dict['timestamp'] = windows_time_to_unix_time(self.timestamp)
202 | dict['process_guid'] = self.parent_guid
203 |
204 | dict['created'] = self.created
205 | dict['md5'] = self.md5hash.encode("hex").upper()
206 | dict['child_process_guid'] = self.child_guid
207 | dict['sensor_id'] = self.sensorid
208 |
209 | return dict
210 |
211 | class CbModuleLoadEvent(CbBaseEvent):
212 | def __init__(self, msg, msg_header, filepaths, sensorid):
213 | CbBaseEvent.__init__(self, msg, "MODULELOAD", msg_header, filepaths, sensorid)
214 |
215 | self.timestamp = self.event_timestamp
216 | self.guid = self.msg.guid
217 | self.filepath = self._lookup_filepath(self.filepath_string_guid)
218 | self.md5hash = self.msg.md5hash
219 | self.is_process_base_module = self.msg.is_process_base_module
220 | self.process_guid = self.process_guid
221 |
222 | def to_obj(self):
223 |
224 | dict = {}
225 |
226 | dict['type'] = 'modload'
227 | dict['timestamp'] = windows_time_to_unix_time(self.timestamp)
228 | dict['process_guid'] = self.process_guid
229 |
230 | dict['path'] = self.filepath
231 | dict['md5'] = self.md5hash.encode('hex').upper()
232 | dict['sensor_id'] = self.sensorid
233 |
234 | return dict
235 |
236 | class CbFileModEvent(CbBaseEvent):
237 | def __init__(self, msg, msg_header, filepaths, sensorid):
238 | CbBaseEvent.__init__(self, msg, "FILEMOD", msg_header, filepaths, sensorid)
239 | self.timestamp = self.event_timestamp
240 | self.guid = self.msg.guid
241 | self.filepath = self._lookup_filepath(self.filepath_string_guid)
242 | self.process_guid = self.process_guid
243 | self.action = filemod_action_to_str(self.msg.action)
244 | self.actiontype = self.msg.action
245 |
246 | def to_obj(self):
247 |
248 | dict = {}
249 |
250 | dict['type'] = 'filemod'
251 | dict['timestamp'] = windows_time_to_unix_time(self.timestamp)
252 | dict['process_guid'] = self.process_guid
253 |
254 | dict['path'] = self.filepath
255 | dict['action'] = self.action
256 | dict['actiontype'] = self.actiontype
257 | dict['sensor_id'] = self.sensorid
258 |
259 | # todo add md5 for filewrite_complete
260 |
261 | return dict
262 |
263 | class CbRegModEvent(CbBaseEvent):
264 | def __init__(self, msg, msg_header, filepaths, sensorid):
265 | CbBaseEvent.__init__(self, msg, "REGMOD", msg_header, filepaths, sensorid)
266 | self.timestamp = self.event_timestamp
267 | self.guid = self.msg.guid
268 | self.registry_path = msg.utf8_regpath
269 | self.process_guid = self.process_guid
270 | self.action = regmod_action_to_str(self.msg.action)
271 | self.actiontype = self.msg.action
272 |
273 | def to_obj(self):
274 |
275 | dict = {}
276 |
277 | dict['type'] = 'regmod'
278 | dict['timestamp'] = windows_time_to_unix_time(self.timestamp)
279 | dict['process_guid'] = self.process_guid
280 |
281 | dict['path'] = self.registry_path
282 | dict['action'] = self.action
283 | dict['actiontype'] = self.actiontype
284 | dict['sensor_id'] = self.sensorid
285 |
286 | return dict
287 |
288 | class CbNetConnEvent(CbBaseEvent):
289 | def __init__(self, msg, msg_header, filepaths, sensorid):
290 | CbBaseEvent.__init__(self, msg, "NETCONN", msg_header, filepaths, sensorid)
291 | self.timestamp = self.event_timestamp
292 | self.process_guid = self.process_guid
293 | self.ipv4address = self.msg.ipv4Address
294 | self.ipv4address_str = socket.inet_ntoa(struct.pack('