Install Carbon Black Cloud Sensor via API and Python

Introducing a Quick Script to Download and Install Carbon Black Cloud Sensor via API and Python

Are you looking for a streamlined way to download and install the Carbon Black Cloud Sensor? Look no further! We are excited to introduce a quick and efficient script .

This script is designed to automate the process of acquiring and installing the Carbon Black Cloud Sensor, making it easier and faster for you to get up and running with this essential security tool.

The script is tailored to simplify the download and installation process by leveraging the Carbon Black Cloud API. By using this script, you can seamlessly obtain the necessary sensor kit and configuration links, and then proceed to download and install the sensor with just a few simple steps.

The script also provides the flexibility to download the sensor to a specific location using urllib or wget, and to install the sensor within the same script using OS subprocess.To use the script, you will need to manually identify the required sensor and update the variables with your APIs.

The script references the official Carbon Black Cloud documentation, providing links to the sensor kit and configuration, as well as the sensor versions, to ensure that you have access to the most relevant and up-to-date information.

Key Features:

  • Automates the download and installation of the Carbon Black Cloud Sensor via API.
  • Provides flexibility to download the sensor to a specific location and install it within the same script.
  • References the official Carbon Black Cloud documentation for accurate and current information.

To get started with the script, visit the GitHub repository at rstar13as/cbc_sensor_request and follow the instructions provided.

We believe that this script will be a valuable addition to your toolkit, enabling you to expedite the process of deploying the Carbon Black Cloud Sensor within your environment.For more details and to access the script, please visit the GitHub repository.

If you have any feedback or questions, we would love to hear from you. Thank you for considering this resource from Detectx.com.au.

Happy securing!

Note: The provided script is not affiliated with or endorsed by Carbon Black Cloud.

Please ensure that you have the necessary permissions and comply with the terms of use when utilizing the Carbon Black Cloud API and related resources. 

Visit the GitHub repository for more information and emphasizes the importance of complying with the terms of use when using the Carbon Black Cloud API.

##   Written by Roshan Ratnayake @detectx.com.au
##
##   Purpose: 
##
##    Automatically download Carbon Black Cloud Sensor and install the sensor.
##
##   Usage;
##    
##     You will need to manaualy identify the requred Sensor and update the variables with your APIs below.
##
##   Reference:
##     - Get Sensor Kit and Configuration Links - https://developer.carbonblack.com/reference/carbon-black-cloud/workload-protection/latest/sensor-lifecycle-management/#get-sensor-kit-and-configuration-links
##     - Check Sensor versions here - https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/index.html
##     - Use the following URL
##       EAP01: https://defense-eap01.conferdeploy.net
##       Prod 01: https://dashboard.confer.net
##       Prod 02: https://defense.conferdeploy.net
##       Prod 05: https://defense-prod05.conferdeploy.net
##       Prod 06: https://defense-eu.conferdeploy.net
##       Prod NRT: https://defense-prodnrt.conferdeploy.net
##       Prod Syd: https://defense-prodsyd.conferdeploy.net
##       Prod UK: https://ew2.carbonblackcloud.vmware.com
##       AWS GovCloud (US): https://gprd1usgw1.carbonblack-us-gov.vmware.com
##    - Postman - https://www.postman.com/vmware-carbon-black/workspace/vmware-carbon-black/request/28313458-9ac920b7-ee83-4125-965d-b45baf6480b5?ctx=documentation
##
##   Improvements;
##
##     - Download the file to a specific location using urllib or wget
##     - Install the sensor within the same script us using OS subprocess
##            import os
##            os.system(‘terraform plan’)
##     - Run the Carbon Black installer
##         https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Perform-an-Unattended-Installation-of/ta-p/65874
##         Replace 'your_msi_file.msi' with the actual MSI file name
##         msi_file = 'your_msi_file.msi'
##         Replace '/qn' with the actual silent installation switch
##         silent_switch = '/qn'
##         Run the MSI executable with the silent installation switch
##         subprocess.call(['msiexec', '/i', msi_file, silent_switch])
##         msiexec.exe /q /i <Sensor Installer Path> /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> POLICY_NAME="<NAME Virtual Policy>" CONFIGFILE="C:\Path\To\config-blob.ini"
##     - Automatically detect the Operating System and download the correct sensor using  the platform libary.
##        import platform
##        platform.system(),platform.architecture()
##     - Set the expiry automatically + 30 mins
##
##     Version Control
##
##     28.12.2023 - Basic version 




import requests
import webbrowser
import json

def download_sensor(url, org_id, x_auth_token, device_type, architecture, sensor_type, version, expires_at):
    headers = {
        'x-auth-token': x_auth_token,
    }

    data = {
        "sensor_types": [
            {
                "device_type": device_type,
                "architecture": architecture,
                "type": sensor_type,
                "version": version
            }
        ],
        "expires_at": expires_at
    }

    files = {
        'sensor_url_request': (None, json.dumps(data), 'application/json'),
    }

    endpoint = f'{url}/lcm/v1/orgs/{org_id}/sensor/_download'

    response = requests.post(endpoint, headers=headers, files=files)

    if response.status_code == 200:
        response_data = response.json()

        sensor_url = response_data['sensor_infos'][0]['sensor_url']
        sensor_config_url = response_data['sensor_infos'][0]['sensor_config_url']

        return sensor_url, sensor_config_url
    else:
        return f"Error: {response.status_code} - {response.json()}"

# Example usage:
url = 'https://defense-prodsyd.conferdeploy.net'
org_id = ''
x_auth_token = '' # This is tricky, this is a combination of your API ID and API Secret Key with / in between, eg. XXX/XXXX
device_type = 'WINDOWS'
architecture = '64'
sensor_type = 'WINDOWS'
version = '4.0.0.1292'
expires_at = '2024-06-05T23:39:52Z'

sensor_url, sensor_config_url = download_sensor(url, org_id, x_auth_token, device_type, architecture, sensor_type, version, expires_at)

print("Sensor URL:", sensor_url)
print("Sensor Config URL:", sensor_config_url)

webbrowser.open(sensor_url)
webbrowser.open(sensor_config_url)

Here is the script

Reference