CBPFindRule
Find the rule state for a hash value in CBEP/Bit9.
python · Carbon Black Enterprise Protection
Source
import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 def cbp_find_rule(args): STATES = {1: "Unapproved", 2: "Approved", 3: "Banned"} res = [] found = [] md = "" t = [] hashes = argToList(args["hash"]) for h in hashes: resSearch = demisto.executeCommand("cbp-fileRule-search", {"query": "hash:" + h}) for entry in resSearch: if isError(entry): res.append(entry) else: for rule in entry["Contents"]: t.append(rule) found.append(rule["hash"]) md += "Hash " + rule["hash"] + " is in state **" + STATES[rule["fileState"]] + "**\n" if found: appendContext("found_hashes", ",".join(found), dedup=True) res.append({"Type": entryTypes["note"], "ContentsFormat": formats["markdown"], "Contents": md}) res.append({"Type": entryTypes["note"], "ContentsFormat": formats["table"], "Contents": t}) demisto.results(res) def main(): # pragma: no cover args = demisto.args() try: cbp_find_rule(args) except Exception as e: err_msg = f"Encountered an error while running the script: [{e}]" return_error(err_msg, error=e) if __name__ in ("__main__", "__builtin__", "builtins"): main()
README
Finds the rule state for a hash value in CBEP/Bit9.
Script Data
| Name | Description |
|---|---|
| Script Type | python |
| Tags | carbon-black-protection, bit9, enhancement |
Dependencies
This script uses the following commands and scripts.
- cbp-fileRule-search
Inputs
| Argument Name | Description |
|---|---|
| hash | The hash value(s) to check. |
Outputs
There are no outputs for this script.