Tools to automate and/or expedite response.

Installation: clone the repository, create a virtualenv for it (the commands below use virtualenvwrapper's `mkvirtualenv`), and install the package in development mode. The utilities can then be run directly from the checkout, for example:

```shell
git clone git@github.com:redcanaryco/redcanary-response-utils.git
cd redcanary-response-utils
mkvirtualenv redcanary-response-utils
python setup.py develop
./sensor-util.py
```

Platforms: Carbon Black (Response)

Execute a basic response plan targeting a single endpoint. Performs the following actions:
- Isolate the endpoint.
- Kill associated processes.
- Ban offending binary file(s).
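The isolate, kill, ban sequence above, as an added example that is not the project's own response tool. It is written against a small sensor and ban-list interface so the ordering and bookkeeping can be exercised offline: `FakeSensor`, `FakeBanList` and the sample process table are constructed for this demo, and the mapping to cbapi calls mentioned in the comments is an assumption, not something this page documents.

```python
# Added example (not the project's own response tool): the three-step plan
# the README describes, against a small sensor/ban-list interface so it can
# run offline. FakeSensor, FakeBanList and the sample process table are
# constructed for this demo. Against a real Cb Response server the same
# three calls would map (assumed, via cbapi) to Sensor.isolate(), a live
# response session's kill_process(), and a BannedHash created through the
# API client; nothing here talks to a server.
from dataclasses import dataclass, field
import re

HEX_MD5 = re.compile(r"^[0-9a-f]{32}$")


@dataclass
class ProcessInfo:
    pid: int
    name: str
    md5: str


@dataclass
class FakeSensor:
    """Stands in for a sensor plus its live-response session."""
    hostname: str
    processes: list
    isolated: bool = False

    def isolate(self) -> bool:
        self.isolated = True
        return True

    def list_processes(self):
        return list(self.processes)

    def kill_process(self, pid: int) -> bool:
        before = len(self.processes)
        self.processes = [p for p in self.processes if p.pid != pid]
        return len(self.processes) < before   # False if the pid was gone


@dataclass
class FakeBanList:
    """Stands in for the server-side banned-hash list."""
    banned: dict = field(default_factory=dict)

    def ban(self, md5: str, reason: str) -> bool:
        md5 = md5.lower()
        if not HEX_MD5.match(md5):
            raise ValueError(f"not an MD5 hash: {md5!r}")
        if md5 in self.banned:            # already banned: no-op
            return False
        self.banned[md5] = reason
        return True


def respond(sensor, banlist, process_name: str, reason: str) -> dict:
    """Isolate, then kill, then ban; return what was actually done.

    Isolation goes first so the endpoint loses its network path before any
    process on it is touched; if isolation fails the plan stops rather than
    tipping off an attacker who still has connectivity. Bans cover every
    distinct hash seen for the process name, since matching by name alone
    would miss a renamed copy of the same binary.
    """
    report = {"hostname": sensor.hostname, "isolated": False,
              "killed": [], "banned": []}
    if not sensor.isolate():
        raise RuntimeError(f"isolation of {sensor.hostname} failed; aborting")
    report["isolated"] = True

    targets = [p for p in sensor.list_processes()
               if p.name.lower() == process_name.lower()]
    for proc in targets:
        if sensor.kill_process(proc.pid):
            report["killed"].append(proc.pid)

    for md5 in sorted({p.md5.lower() for p in targets}):
        if banlist.ban(md5, reason):
            report["banned"].append(md5)
    return report


if __name__ == "__main__":
    # Constructed sample endpoint: one benign process and two running copies
    # of the offending binary (same hash, different case in the name).
    ws = FakeSensor("WS01", [
        ProcessInfo(100, "explorer.exe", "a" * 32),
        ProcessInfo(2222, "Evil.exe", "b" * 32),
        ProcessInfo(2223, "evil.exe", "b" * 32),
    ])
    print(respond(ws, FakeBanList(), "evil.exe", "IR-42 malicious dropper"))
```

The report returned by `respond` is what you would attach to the case: which host was isolated, which pids were actually terminated (a pid that exited on its own is not counted) and which hashes were newly banned.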

Platforms: Carbon Black (Response)

Enumerate network connections based on a wide variety of criteria. Includes support for:
- process- and connection-based whitelists
- filtering by host type (Workstation or Server)
- more
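The whitelist and host-type filtering described above, as an added example that is not the project's netconn tool. It runs over a constructed set of records shaped like Cb Response network-connection events (hostname, process name, remote address and port, protocol, direction). The host-type rule (hostnames starting with `SRV` are servers), the whitelists and the sample data are assumptions made for the demo.

```python
# Added example (not the project's netconn tool): process/connection
# whitelists plus a host-type filter over constructed netconn records.
# The "SRV" naming rule, the whitelists and the sample events are assumed
# for this demo; remote addresses use RFC 5737 documentation ranges.
from ipaddress import ip_address, ip_network

# Constructed sample events, one per line.
SAMPLE_NETCONNS = [
    {"hostname": "WS01", "process_name": "chrome.exe", "remote_ip": "198.51.100.20",
     "remote_port": 443, "proto": "tcp", "direction": "outbound"},
    {"hostname": "WS01", "process_name": "powershell.exe", "remote_ip": "10.0.5.5",
     "remote_port": 445, "proto": "tcp", "direction": "outbound"},
    {"hostname": "WS01", "process_name": "powershell.exe", "remote_ip": "203.0.113.7",
     "remote_port": 4444, "proto": "tcp", "direction": "outbound"},
    {"hostname": "SRV-DB01", "process_name": "sqlservr.exe", "remote_ip": "198.51.100.9",
     "remote_port": 443, "proto": "tcp", "direction": "outbound"},
    {"hostname": "WS02", "process_name": "svchost.exe", "remote_ip": "203.0.113.7",
     "remote_port": 8080, "proto": "tcp", "direction": "inbound"},
    {"hostname": "SRV-WEB01", "process_name": "w3wp.exe", "remote_ip": "203.0.113.50",
     "remote_port": 80, "proto": "tcp", "direction": "inbound"},
]

# Process whitelist: lower-case image names whose connections are ignored.
PROCESS_WHITELIST = {"chrome.exe", "outlook.exe"}

# Connection whitelist: (network, port) pairs; port None means any port.
CONNECTION_WHITELIST = [
    (ip_network("10.0.0.0/8"), None),       # internal ranges
    (ip_network("192.0.2.0/24"), 443),      # assumed update CDN, HTTPS only
]


def host_type(hostname: str) -> str:
    """Assumed naming convention: SRV* are servers, everything else a workstation."""
    return "Server" if hostname.upper().startswith("SRV") else "Workstation"


def connection_whitelisted(rec: dict, whitelist) -> bool:
    addr = ip_address(rec["remote_ip"])
    return any(addr in net and (port is None or rec["remote_port"] == port)
               for net, port in whitelist)


def filter_netconns(records, process_whitelist=PROCESS_WHITELIST,
                    connection_whitelist=CONNECTION_WHITELIST,
                    host_type_filter=None, outbound_only=True):
    """Return the records that survive every filter, in input order."""
    kept = []
    for rec in records:
        if host_type_filter and host_type(rec["hostname"]) != host_type_filter:
            continue
        if outbound_only and rec["direction"] != "outbound":
            continue
        if rec["process_name"].lower() in process_whitelist:
            continue
        if connection_whitelisted(rec, connection_whitelist):
            continue
        kept.append(rec)
    return kept


def summarize(records) -> dict:
    """Count hits per (process, remote ip, port); repeats hint at beaconing."""
    counts = {}
    for rec in records:
        key = (rec["process_name"].lower(), rec["remote_ip"], rec["remote_port"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for rec in filter_netconns(SAMPLE_NETCONNS, host_type_filter="Workstation"):
        print(rec["hostname"], rec["process_name"],
              f'{rec["remote_ip"]}:{rec["remote_port"]}', rec["direction"])
```

A whitelist keyed on process name is only as good as the name: a renamed binary or a signed host process used for injection passes it, so in practice pair the name with the process hash or signer before trusting the entry.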

Platforms: Carbon Black (Response)

Enumerate processes. This is a faster alternative to timeline.py when you only need to examine process start events.

Platforms: Carbon Black (Response)

Enumerate sensors and output their metadata, including endpoint health.

Platforms: Carbon Black (Response)

Generate a timeline of activity associated with a user, endpoint, or other limiting criteria.

Platforms: Carbon Black (Response)

Enumerate USB mass storage devices.

NOTE: Only supports enumeration of devices on Windows endpoints.