To get started using CarbonCLI, perform the following procedure.

Prerequisites

Install CarbonCLI

Procedure

  1. Create a connection against which to run cmdlets:
    Connect-CBCServer -Server https://defense.conferdeploy.net/ -Org ABCD1234 -Token ABCDEFGHIJKLMNO123456789/ABCD123456
  2. Get help with Carbon Black Cloud CLI cmdlets:
    Get-Help Connect-CBCServer -Full
    Get-Help Get-CBCAlert -Examples
  3. Start using Carbon Black Cloud CLI cmdlets. For example:
    • Get all alerts with minimum severity 5 that are of type CB_ANALYTICS:
      Get-CbcAlert -Severity 5 -Type CB_ANALYTICS
    • Get all observations for an alert:
      Get-CbcAlert -Id "c295b8fc-0f5d-7193-3075-0301862c69b7" | Get-CbcObservation
    • Quarantine all devices running Windows with a specific OS version (Windows 10 x64):
      Get-CbcDevice -OS Windows -OSVersion "Windows 10 x64" | Set-CbcDevice -QuarantineEnabled $true
    • Get all devices with sensor version 3.9.2.2637 and upgrade the sensors to version 4.0.1.1358:
      Get-CbcDevice -Include @{"sensor_version" = @("3.9.2.2637")} | Set-CbcDevice -SensorVersion "4.0.1.1358"
  4. Review Demo-Script.ps1 for useful getting-started examples covering the main Carbon Black Cloud concepts.
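
A guarded version of the quarantine pipeline from step 3, added here as an example and not taken from the CarbonCLI project or its Demo-Script.ps1. It prompts for the API token instead of typing it on the command line and lists the matched devices before changing them. It uses only the cmdlets and parameters shown above; the variable names and the confirmation prompt are illustrative, and it assumes -Token accepts a plain string as in step 1.

```powershell
# Added example. Server and org are the placeholder values from step 1.
$ErrorActionPreference = 'Stop'   # stop on the first failure instead of continuing
$server = 'https://defense.conferdeploy.net/'
$org    = 'ABCD1234'

# Prompt for the API token so it does not end up in console history or a script file.
$secureToken = Read-Host -Prompt 'Carbon Black Cloud API token' -AsSecureString

# Assumption: -Token takes a plain string (as in step 1), so unwrap it in memory only.
$token = [System.Net.NetworkCredential]::new('', $secureToken).Password
try {
    Connect-CBCServer -Server $server -Org $org -Token $token
}
finally {
    # Drop the plain-text copy as soon as the connection attempt is over.
    Remove-Variable -Name token -ErrorAction SilentlyContinue
}

# Collect the target set first instead of piping straight into Set-CbcDevice.
$devices = @(Get-CbcDevice -OS Windows -OSVersion 'Windows 10 x64')

if ($devices.Count -eq 0) {
    Write-Warning 'No devices matched the filter; nothing to quarantine.'
    return
}

# Show what matched so the scope of the change can be reviewed.
Write-Host "$($devices.Count) device(s) matched:"
$devices | Format-Table -AutoSize | Out-Host

# Require an exact, case-sensitive confirmation before isolating endpoints.
$answer = Read-Host -Prompt "Type QUARANTINE to quarantine these $($devices.Count) device(s)"
if ($answer -ceq 'QUARANTINE') {
    $devices | Set-CbcDevice -QuarantineEnabled $true
}
else {
    Write-Host 'Aborted; no devices were changed.'
}
```

The same collect, review, confirm pattern applies to the sensor upgrade pipeline, since both commands act on every device the filter returns.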