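# Wait until every event segment for this process has been fetched, so the
# filemod results are complete before they are read. `proc` is a Process
# object obtained from an earlier query.
# NOTE(review): `_total_segments` and `_processed_segments` are
# underscore-prefixed (private) attributes of the events query, so this
# polling idiom may change between cbapi releases. Confirm it against the
# installed version.
events_query = proc.events(event_type="filemod")

# Indexing the query presumably forces it to run or refresh. Confirm.
# NOTE(review): this may raise if the process has no filemod events. Verify.
events_query[0]

while events_query._total_segments != events_query._processed_segments:
    # NOTE(review): the loop has no timeout and no delay between polls. It
    # repeats until the two counters match, so a search that never completes
    # would hang an automated hunt here.
    events_query[0]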
"""Summarise one process's event counts and list its mp4-related file modifications."""
from cbapi.psc.threathunter import CbThreatHunterAPI, Process

# No arguments are passed, so connection details are presumably read from
# cbapi's default credential profile. Confirm which profile is in use, and
# keep that file readable only by the account running the hunt.
cb = CbThreatHunterAPI()

# Select the process whose GUID we are investigating.
matching_processes = cb.select(Process).where(
    "process_guid:76DFDR97-011727a1-00004ff0-00000000-1d62913656d920a"
)

# Label template and Process attribute name for each per-type event counter.
COUNTER_FIELDS = (
    ("Filemods: {}", "filemod_count"),
    ("Regmods: {}", "regmod_count"),
    ("Modloads: {}", "modload_count"),
    ("Crossprocs: {}", "crossproc_count"),
    ("Childprocs: {}", "childproc_count"),
)

for proc in matching_processes:
    print(proc.process_guid)

    # Print how much activity of each event type the process recorded.
    for template, attribute in COUNTER_FIELDS:
        print(template.format(getattr(proc, attribute)))

    # Walk the file-modification events and keep those that mention "mp4".
    for filemod_event in proc.events(event_type="filemod"):
        touched_path = filemod_event.filemod_name
        # This is a case-sensitive substring test, so it matches "mp4"
        # anywhere in the name and not only as a file extension.
        # NOTE(review): assumes filemod_name is always a string. Confirm.
        if "mp4" not in touched_path:
            continue
        print(touched_path)