Carbon Black App Control

This app supports various investigative and containment actions on Carbon Black App Control (formerly Bit9)

Supported Actions

• test connectivity: Validate the API Token by attempting to connect to the Device URL. This action runs a quick query on the device to check the connection and token
• hunt file: Searches for a particular file across all the endpoints
• upload file: Upload a file to a computer
• list files: List the files available on the controller
• get file: Get the file from the controller and add it to the vault
• analyze file: Analyze a file on a computer
• unblock hash: Unblocks a particular hash
• block hash: Ban the file hash
• get system info: Get information about an endpoint
• get file instances: Searches for file instances
• update file instance: Change local file instance state
• update computer: Change computer object details
• list policies: List the policies