App Control: Is there an API query that returns a list of endpoints that have tamper protection enabled?
search cancel

App Control: Is there an API query that returns a list of endpoints that have tamper protection enabled?

book

Article ID: 284801

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Is there an API query that returns a list of endpoints with Tamper Protection enabled?

Environment

  • App Control (formerly CB Protection): All supported versions

Resolution

import requests, json, urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
​
# --- Prepare our request header and url ---
authJson={
'X-Auth-Token': '3CC63163-9283-4115-B77B-AB024A06C99E', # replace with actual user token
'content-type': 'application/json'
}
b9StrongCert = False 	# Set to False if your Server has self-signed IIS certificate
url = 'https://172.16.46.98/api/bit9platform' # replace with actual server address
​
# --- Get computers without tamper protection enabled ---
computers = requests.get(url + '/v1/computer?q=tamperProtectionActive:false',
 headers=authJson, 
 verify=b9StrongCert).json()
​
# --- For each computer found, send request to enable tamper protection
for c in computers:
	print c['name'] + "   " + c['agentVersion'] + ": Enabling Tamper Protection..."
	requests.post(
        url+'/v1/computer?newTamperProtectionActive=true', 
        json.dumps(c), headers=authJson, verify=b9StrongCert)
Collapse

Additional Information

For question regarding the query please reach out to the CB Developer Network on the User Exchange