@jgarman
Last active August 29, 2015 14:18
Example CbApi code with boilerplate
import cbapi

# Connect to the Cb server on cbserver.local.
# ssl_verify=False turns off TLS certificate validation for this connection.
cb = cbapi.CbApi("https://cbserver.local.", token="API_TOKEN", ssl_verify=False)

# Offset of the first result to request; advanced after each page.
start = 0
while True:
    # find all executions of a process named "svchost.exe" not in a Windows System directory
    procs = cb.process_search('process_name:svchost.exe -path:c:\\windows\\system32\\svchost.exe -path:c:\\windows\\syswow64\\svchost.exe', start=start)
    if len(procs["results"]) == 0:
        break
    for result in procs["results"]:
        # fetch the full event detail for this process segment
        proc_detail = cb.process_events(result['id'], result['segment_id'])
        print("%s %s %s" % (proc_detail['process']['start'], proc_detail['process']['hostname'], proc_detail['process']['path']))
    # move on to the next page of results
    start += len(procs["results"])