Carbon Black Security PowerShell SecOps Automation

CarbonBlackPS | A PowerShell Module for Carbon Black

Feb 2, 2022 3 min read
CarbonBlackPS | A PowerShell Module for Carbon Black

CarbonBlackPS is a PowerShell module for Carbon Black that I threw together over the course of a couple weekends in early 2021. This was one of the first modules I wrote and something that has saved me and my team a lot of time.

The project is available for download on Github and PowerShell Gallery and works with either Windows PowerShell or PowerShell Core.

Carbon Black Setup

To interact with the Carbon Black API, you need to authenticate your requests with several parameters which are defined in the API docs.

  • Log in to your Carbon Black Cloud console. Make note of the web address as you will need it for later. This is your environment:
  • Navigate to Settings>API Access
  • Navigate to 'Access Levels' and click 'Add Access Level'
  • Enter a Name and Description along with the necessary permissions to interact with the various endpoints you plan to make use of. This can be adjusted later if needed.
  • Navigate to 'API Keys' and make note of your Org Key and click 'Add API Key'
  • Enter a Name and Description and then select 'Custom' for the 'Access Level type' and select the name of the Access Level you created in the previous step for 'Custom Access Level'.
  • Click 'Save' and your API ID and API Secret Key will be displayed. Make note of these as you will need them shortly.

PowerShell Module Setup

To install the module, simply open PowerShell and then enter the following command: Install-Module -Name CarbonBlackPS

After installing, import the module by running the following command: Import-Module CarbonBlackPS

Next, run Set-CbConfig to create your config.json file with the values you obtained from the previous section. Here is an example: Set-CbConfig -Environment "https://defense-prod05.conferdeploy.net" -ApiSecret "YOUR_API_SECRET" -ApiID "YOUR_API_ID" -OrgKey "YOUR_ORG_KEY"

This will create a config.json file in the root of your module's directory with your Environment, API Secret Key, API ID, and Org Key. After you run Set-CbConfig with the proper parameters you fetched earlier, you are ready to use this module.

Command Help and Examples

To get a list of commands, run Get-Command -Module CarbonBlackPS.

To get help about any particular function, run Get-Help <commandname> -Detailed.

To return examples of a particular command, run Get-Help <commandname> -Examples.

Published by
Tim Murphy
Tim Murphy
Security Professional and problem solver. I enjoy creating solutions and building automated workflows, with a true passion for all things IT and security.
Table of Contents
Great! Next, complete checkout for full access to Mr. Clix It.
Welcome back! You've successfully signed in.
You've successfully subscribed to Mr. Clix It.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.