jgarman/svchost_cbapi2.py

## svchost_cbapi2.py
from cbapi2 import CbApi2

cb = CbApi2("http://cb.example.com", "API_TOKEN", ssl_verify=False, debug=True)

# find all executions of a process named "svchost.exe" not in a Windows System directory
procs = cb.process_search('process_name:svchost.exe -path:c:\\windows\\system32\\svchost.exe -path:c:\\windows\\syswow64\\svchost.exe')
for proc in procs:
    print proc.start, proc.hostname, proc.path
	from cbapi2 import CbApi2

	cb = CbApi2("http://cb.example.com", "API_TOKEN", ssl_verify=False, debug=True)

	# find all executions of a process named "svchost.exe" not in a Windows System directory
	procs = cb.process_search('process_name:svchost.exe -path:c:\\windows\\system32\\svchost.exe -path:c:\\windows\\syswow64\\svchost.exe')
	for proc in procs:
	print proc.start, proc.hostname, proc.path