Skip to content

abotsis/cb-lastline-connector

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

cbopensource

cbopensource

 
 

root

root

 
 

scripts

scripts

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

cb-lastline-connector.spec

cb-lastline-connector.spec

 
 

python-cb-lastline-connector.spec

python-cb-lastline-connector.spec

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

test-requirements.txt

test-requirements.txt

 
 

Repository files navigation

Carbon Black - Lastline Connector

The LastLine connector submits binaries collected by Carbon Black to a LastLine appliance for binary analysis. The results are collected and placed into an Intelligence Feed on your Carbon Black server. The feed will then tag any binaries executed on your endpoints identified as malware by LastLine. Only binaries submitted by the connector for analysis will be included in the generated Intelligence Feed.

Installation Quickstart

As root on your Carbon Black or other RPM based 64-bit Linux distribution server:

cd /etc/yum.repos.d
curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
yum install python-cb-lastline-connector

Once the software is installed via YUM, copy the /etc/cb/integrations/lastline/connector.conf.example file to /etc/cb/integrations/lastline/connector.conf. Edit this file and place your Carbon Black API key into the carbonblack_server_token variable and your Carbon Black server's base URL into the carbonblack_server_url variable.

Then you must place your credentials for LastLine into the configuration file: place your API key and API token respectively into the lastline_api_key and lastline_api_token variables in the /etc/cb/integrations/lastline/connector.conf file.

If you are using an on-premise LastLine appliance, make sure to place the URL for your on-premise LastLine appliance in the lastline_url variable and set lastline_url_sslverify to 0 if your appliance does not have a valid SSL certificate.

Any errors will be logged into /var/log/cb/integrations/lastline/lastline.log.

Troubleshooting

If you suspect a problem, please first look at the Lastline connector logs found here: /var/log/cb/integrations/lastline/lastline.log (There might be multiple files as the logger "rolls over" when the log file hits a certain size).

If you want to re-run the analysis across your binaries:

  1. Stop the service: service cb-lastline-connector stop
  2. Remove the database file: rm /usr/share/cb/integrations/lastline/db/sqlite.db
  3. Remove the feed from your Cb server's Threat Intelligence page
  4. Restart the service: service cb-lastline-connector start

Contacting Bit9 Developer Relations Support

Web: https://community.bit9.com/groups/developer-relations E-mail: dev-support@bit9.com

Reporting Problems

When you contact Bit9 Developer Relations Technical Support with an issue, please provide the following:

  • Your name, company name, telephone number, and e-mail address
  • Product name/version, CB Server version, CB Sensor version
  • Hardware configuration of the Carbon Black Server or computer (processor, memory, and RAM)
  • For documentation issues, specify the version of the manual you are using.
  • Action causing the problem, error message returned, and event log output (as appropriate)
  • Problem severity

About

Carbon Black - LastLine Binary Detonation Connector

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Python 98.4%
  • Shell 1.6%