CbRCLI is our in-house tool for performing incident response engagements involving Carbon Black.

It is designed to work alongside the Carbon Black web interface to aid in searching and bulk analysis of data, providing a fast and effective means of querying and filtering results. After months of development and success on incident response engagements, we believe the tool is mature enough to be released to the wider community.

Designed to be accessible to people of all technical abilities and backgrounds, CbRCLI provides powerful suggestion and autocompletion functionality through the excellent prompt_toolkit library to speed up analysis and reduce typing mistakes. Data is displayed in a tabular format, allowing the user to specify the fields they are interested in, speeding up analysis time and improving efficiency.

For more information, including installation and usage instructions with examples, see the project github page at github.com/ctxis/cbrcli
The video below shows a quick overview of some of the functionality available in CbRCLI.

CHECK IT Health Check Service
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA