Skip to content
This repository has been archived by the owner on Oct 10, 2019. It is now read-only.
/ iCrt Public archive

Windows C# Gui Implementation of the Carbon Black Response feature set.

License

Notifications You must be signed in to change notification settings

IntegralDefense/iCrt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

THIS REPO HAS MOVED: New location https://github.com/ace-ecosystem/iCrt

iCrt

Windows C# Gui Implementation of the Carbon Black Response feature set.

Will interrogate a machine via WMI to determine prescense of a CB sensor, then check with a CB Master server to show last checkin time of the sensor, handy for indentifying a machine that might have a bad install.

Includes many useful features. Can deploy the CB Response agent to accessible machines on the same LAN. (Admin rights required on target devices.)

Mass install feature to deploy to multiple machines at once across a network.

Configurable for most any enterprise environment.

-In Progress - GUI implementation of common LiveResponse features such as dropping and retrieving files from a LR session. File structure browser of a target machine (VERY SLOW)

In order to make use of the tool in your environment, you will need to add your information to the following property resource fields in the application prior to building it.

CBApiKey - Your API key from your CB Response instance.

CbfileName - File name of the compressed CB Sensor install.

CBMasServer - FQDN of your CB Master server with the API path so... EX: https://cbmaster.mycompany.com:8443/api

CBPSScriptPathandName - This is the install script to be called on a scheduled task server. Could be anything called from Task scheduler. EX: C:\Scripts\CBInstall\CN_InstallClient.ps1

CBSApwd - Password to be used for creating scheduled tasks.

CBserviceAccount - Account to be used for creating scheduled tasks.

CBSourceServer - FQDN and path of where your Carbon Black Response sensor installer is. EX: \CBFileServer.Mycompany.com\Clientintallers

CBTaskServer - FQDN of the server you want to use as a scheduled task server for offline installs. EX: TASKSERVER.mycompany.com

LERCFileName - This ties into another GIT project, this is the installer name for the Live Response module. Ex: lercSetup.msi

LERCServer - Similar to the path used for CBSourceServer just is the path for LERCFileName - EX: \lercfileserver.mycompany.com\ClientInstallers

About

Windows C# Gui Implementation of the Carbon Black Response feature set.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages