.. _protection_api:

Carbon Black Protection REST API

This page documents the public interfaces exposed by cbapi when communicating with a Carbon Black Enterprise

Protection server.

Main Interface

To use cbapi with Carbon Black Protection, you will be using the CbEnterpriseProtectionAPI.

The CbEnterpriseProtectionAPI object then exposes two main methods to select data on the Carbon Black server:

.. autoclass:: cbapi.protection.rest_api.CbEnterpriseProtectionAPI

:members:

:inherited-members:

Queries

.. autoclass:: cbapi.protection.rest_api.Query

:members:

Models

.. autoclass:: cbapi.protection.models.Computer

:members:

:inherited-members:

.. _response_api:

.. _exceptions:

Exceptions

If an error occurs, the API attempts to roll the error into an appropriate Exception class.

Exception Classes

.. autoexception:: cbapi.errors.ApiError

.. autoexception:: cbapi.errors.CredentialError

.. autoexception:: cbapi.errors.ServerError

.. autoexception:: cbapi.errors.ObjectNotFoundError

.. autoexception:: cbapi.errors.MoreThanOneResultError

API Credentials

In order to perform any queries via the API, you will need to get the API token for your Cb user. See the documentation

on the Developer Network website on how to acquire the API token for

`Enterprise Response <http://developer.carbonblack.com/reference/enterprise-response/authentication/>`_ or

`Enterprise Protection <http://developer.carbonblack.com/reference/enterprise-protection/authentication/>`_.

Once you acquire your API token, place it in one of the default credentials file locations:

* ``/etc/carbonblack/credentials.response`` (or ``.protection`` for Cb Enterprise Protection)

* ``~/.carbonblack/credentials.response``

* (current working directory) ``.carbonblack/credentials.response``

Credentials found in a later path will overwrite earlier ones.

The credentials are stored in INI format. The name of each credential profile is enclosed in square brackets, followed

by comma separated key-value pairs providing the necessary credential information::

The possible options for each credential profile are:

* **url**: The base URL of the Cb server. This should include the protocol (https) and the hostname, and nothing else.

* **token**: The API token for the user ID. More than one credential profile can be specified for a given server, with

different tokens for each.

* **ssl_verify**: True or False; controls whether the SSL/TLS certificate presented by the server is validated against

the local trusted CA store.

* **proxy**: A proxy specification that will be used when connecting to the Cb server. The format is:

``http://myusername:mypassword@proxy.company.com:8001/`` where the hostname of the proxy is ``proxy.company.com``, port

8001, and using username/password ``myusername`` and ``mypassword`` respectively.

* **ignore_system_proxy**: If you have a system-wide proxy specified, setting this to True will force cbapi to bypass

the proxy and directly connect to the Cb server.

Future versions of cbapi will also provide the ability to "pin" the TLS certificate so as to provide certificate

verification on self-signed or internal CA signed certificates.

New scripts should use the :py:mod:`cbapi.response.rest_api.CbEnterpriseResponseAPI`

(for Carbon Black Enterprise Response) and :py:mod:`cbapi.protection.rest_api.CbEnterpriseProtectionAPI`

enterprise-protection

exceptions

"""A ServerError is raised when an HTTP error code is returned from the Carbon Black server."""

"""The requested object could not be found in the Carbon Black datastore."""

"""Only one object was requested, but multiple matches were found in the Carbon Black datastore."""

"""Returns True if this object has unsaved changes. Use :py:meth:`MutableModel.save` to upload the changes to