Carbon Black Cloud Binary Toolkit User Guide

Who is this for?

Those who want to get up and running with the built-in functionality provided with the Toolkit. This includes how to use the example YARA Analysis Engine, as well as details of the built-in SQLite State Management database, and other components.

Where do I go if I have questions?

Review the troubleshooting section if something isn't working as expected. If you want to modify the Toolkit, see the Developer Guide.

In what order should I follow the guide?

Generally,

1. Install CBC Python SDK via pip, if you don't already have it
   • pip install carbon-black-cloud-sdk
   • follow the [CBC Python SDK README](pip install carbon-black-cloud-sdk) for setup instructions
2. Install the toolkit via pip
   • pip install cbc-binary-toolkit
3. Configure API Access
4. Create a Feed to send analysis results to
5. Edit your configuration file
6. Configure YARA rules (optional)
7. Run the analysis utility

Pages

• API Access
• Getting Started
• Configuring YARA Rules
• Creating a Feed
• Troubleshooting

Assumptions

1. The Toolkit has been installed via pip

pip install cbc-binary-toolkit

2. You have configured a Carbon Black API Key

3. You have read the README and installed the requirements via pip

4. The built-in examples are being used for execution, including the Analysis Utility, Built-in State Management Database, and YARA Analysis Engine.