Glossary
Function of the persistor. Adds a Report (IOC record) to the report_item table of the persistor.
The code that accepts a binary download URL as input, performs some analysis on the binary, and outputs an EngineResponse, conforming to the EngineResponseSchema.
Error raised when an assertion statement evaluates to False
Abstract base class, that should be inherited by persistor objects. Contains the methods needed for the toolkit to function.
Abstract base class that should be inherited by persistory factory objects. Contains a method to create a new persistor object.
A file.
Unique SHA256 identifier for a binary.
Schema defining the response expected from the /metadata route of the Unified Binary Store API. Defined in src/cbc_binary_toolkit/schemas.py.
Cloud-native endpoint protection platform (EPP) that provides what you need to secure your endpoints using a single, lightweight agent and an easy-to-use console. Formerly called the Predictive Security Cloud.
Python library for Carbon Black Cloud.
The original Python SDK for Carbon Black Cloud. Now deprecated for Carbon Black Cloud and replaced by CBC SDK. CBAPI is supported for EDR (previously CB Response) and App Control (previously CB Protection).
Identifier of where a hash is in the binary analysis workflow.
File containing configuration values for the toolkit.
Error raised when invalid values are found in the configuration file.
Function of the persistor. Removes all report items (IOC records) for a specified analysis engine from the persistor.
Removes hashes from the command line input that have already been processed, as determined by the contents of the persistor.
How many seconds the binary download links retrieved from the Unified Binary Store should remain valid for. Defined in src/cbc_binary_toolkit/ingestion_component.py.
Synonym for Analysis Engine
JSON formatted output from an analysis engine. An engine response must conform to the EngineResponseSchema.
Schema defining the output from an analysis engine. Defined in src/cbc_binary_toolkit/schemas.py.
Configuration value for the name of an analysis engine. An engine name can be arbitrary, but must be used consistently throughout the toolkit.
A threat hunting and incident response solution delivering unfiltered visibility for top security operations centers (SOCs) and incident response (IR) teams. Part of the Carbon Black Cloud. Formerly called ThreatHunter.
A collection of Indicators of Compromise (IOCs). Feeds can be created and modified with the Feed API.
Function of the persistor. Returns all report items (IOC records) for a specified analysis engine from the persistor.
Function of the persistor. Returns a sorted list of all previously completed hashes for a specified analysis engine from the persistor.
Function of the persistor. Returns a sorted list of all hashes that have not been completed.
Contains methods for fetching binary metadata from the Unified Binary Store. Defined in /src/cbc_binary_toolkit/ingestion_component.py.
The hashes to be analyzed provided to the toolkit via the command line. The hashes can be in a CSV file or a JSON string.
Indicator of Compromise. Also referred to as IOCv2.
Indicator of Compromise. Defined in the Developer Network Feed API documentation.
Schema defining an Indicator of Compromise. Defined in src/cbc_binary_toolkit/schemas.py.
Schema defining the expected format of IOCs returned from an analysis engine. Similar to IOCv2Schema, with the addition of the "severity" property, which is used when storing IOCs in the persistor before adding them to a Feed. Defined in src/cbc_binary_toolkit/schemas.py.
Error raised when a component is created without valid parameters.
Abstract base class that should be inherited by engine factory objects. Contains a method to create a new engine object.
High level manager for analysis engines. Initializes and manages the threaded analysis engines.
Information about a binary, including a download URL, hash, size, and other attributes.
The code that manages the persistor.
The code that is called to store and retrieve data from the database or other data storage environment.
Function of the persistor. Removes all entries older than a specified ISO 8601 timestamp from the persistor.
JSON formatted object that is stored in a Feed. Defined in the Developer Network Feed API documentation.
Schema defining a Report. Defined in src/cbc_binary_toolkit/schemas.py.
An integer score between 1 and 10, inclusive. Represents the severity of an IOC.
Synonym for persistence manager.
The default persistor included with the toolkit.
The previous name for Enterprise Endpoint Detection and Response.
Information about a security threat. Most commonly in the form of an IOC.
Centralized service that is part of the Carbon Black Cloud, used for storage of binary metadata.
A string pattern matching tool used to analyze and classify malware.
Copyright © 2020 VMware Inc., All Rights Reserved.
Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0