Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/redcanaryco/redcanary-response-utils

Tools to automate and/or expedite response.
https://github.com/redcanaryco/redcanary-response-utils

edr security-tools

Last synced: 7 days ago
JSON representation

Tools to automate and/or expedite response.

Awesome Lists containing this project

README 

        
Tools to automate and/or expedite response.



### Setup



```

git clone [email protected]:redcanaryco/redcanary-response-utils.git



mkvirtualenv redcanary-response-utils



python setup.py develop



./sensor-util.py



```



### cblr-basic.py

Platforms: Carbon Black (Response)



Execute a basic response plan targeting a single endpoint.

Performs the following actions:



1. Isolate the endpoint. 

2. Kill associated processes.

3. Ban offending binary file(s).



### network-util.py

Platforms: Carbon Black (Response)



Enumerate network connections based on a wide variety of criteria. Includes

support for:



- process- and connection-based whitelists

- filtering by host type (Workstation or Server)

- more



### process-util.py

Platforms: Carbon Black (Response)



Enumerate processes. This is a performant alternative to timeline.py if you

wish to quickly examine process start events only.



### sensor-util.py

Platforms: Carbon Black (Response)



Enumerate sensors and output metadata, to include endpoint health.



### timeline.py

Platforms: Carbon Black (Response)



Generate a timeline of activity associated with a user, endpoint, or other

limiting criteria. 



### usb-util.py

Platforms: Carbon Black (Response)



Enumerate USB mass storage devices. 



NOTE: Only supports enumeration of devices on Windows endpoints.