App Control: What B9cli Commands are Available on Linux?
search cancel

App Control: What B9cli Commands are Available on Linux?

book

Article ID: 286496

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What B9cli Commands are Available on Linux?

Environment

  • App Control Agent: All Supported Versions
  • Linux: All Supported Versions

Resolution

Not Authenticated:
--password arg<pwd> [timeout#] Enabled command access
--isinitializingIs the agent currently initializing
--statusDisplay status summary
--capture arg<filename> Capture all diagnostics files into a zip archive
--countersDisplay counter information
--copycache arg<directory> Make a safe copy of the live cache/server files and store in specified directory
--initializationallowed arg[0|1] Toggle whether the agent is allowed to initialize
--serverDisplay the server address
--setserver arg<address>[:port[:serverid]] Change the server address/port/serverId
--shutdownStop CbProtection Agent
--startupStart CbProtection Agent
--timedoverride arg<Password> Temporarily override current enforcement level
--versionDisplays the software versions
--wait arg<condition> [timeout] Wait until condition is true, or timeout, up to timeout seconds

Authenticated:
--abcountShow name and hash antibody counts
--abstate argModify data AB state
--add arg<type> [args] Add generic data
--analyzeAnalyze counters for potential problems, generate analysis.bt9
--bookmark argBookmark a cache for ClientEmulation
--checkcache arg[level [flags]]|[abort] Instruct the agent to correct cache problems
--configlistGet current configuration list version
--configlistrefreshForce config list refresh from server
--connectAllow connection to server
--countevents argEvent counts (All|Sent|Unsent)
--countreports argFile reports counts (All|Sent|Unsent)
--disconnectDisconnect and prevent connection to server
--configpropsDisplay active config properties
--debuglevel arg[0-4] Report or set agent debug message level
--devicesShows attached devices (or all devices ever seen)
--uniquedevicesShows unique set of devices
--devicerulesShows server device control rules
--delete arg<type> [args] Removes generic data
--dump arg<agent|system|config> Generate a crash dump, or config dump options
--find arg<filename> Find file by filename
--filequeueDisplay file analysis queue
--flushlingeringFlush DABs with no corresponding NABs
--flushlogsFlush CbProtection log files
--grouptest arg<group> <user> Tests whether user is a member of group
--get arg<type> [args] Retrieve generic data from agent
--healthcheckChecks to see if agent is healthy
--hash arg <filename> Hash a file
--hostgroupGet current host group identifier
--importconfiglist arg<file> [full] [now] Loads configlist
--installs arg<active|trust> Display install events
--isconnectedIs the agent connected to the server
--isinsession Is the agent in session with the server
--issleepingIs the agent sleeping
--kernelconfig arg<name> <value> Send a name/value property to the kernel
--kerneltrace arg[level [flags]] Enable tracing in kernel (0 disables)
--knormalize arg<file> Show the normalized kernel filename
--lingeringShow lingering file hashes
--links arg <file> Show the hardlinks for file
--localapprovalsShow local hash approvals
--md5 arg <hash> Find file by MD5 hash
--nettrace arg[0|1] Turn network tracing off or on, or report state
--notifierRun CLI version of the notifier
--prioritize arg[0|1] (De-)Prioritize sending events and file reports
--process arg<pid> Show process information by process id
--processchain arg<pid> Show process lineage by process id
--processesShow process list
--resetcountersReset counters back to their initial state
--enforcement arg<#> Report or change the enforcement level
--disconnectedenforcement arg[#] Report or change the offline enforcement level
--sha1 arg<hash> Find file by hash
--sha256 arg<hash> Find file by hash
--showscriptpolicies arg[1] Show script rules (unexpanded)
--showmempolicies arg [1] Show memory rules (unexpanded)
--shownamebans arg[1] Show name ban rules (unexpanded)
--showpapathsShow crawl paths
--showpathpolicies arg [1] Show name custom rules (unexpanded)
--showtrustedShow trusted process list
--showupgradesShow version history of CbProtection Agent
--sysinfoDisplays system information
--sslmode arg[#] Set SSL mode (1:Basic, 2:Strong), or report mode
--tamperprotect arg[0|1] Set tamper protection off or on, or report state
--testpattern arg<pattern> <test> Tests whether a given pattern matches a filename
--trustedusers Shows trusted users and user groups
--unittest arg[subsystem[subsystem,...]] Execute kernel subsystem tests
--tagsGet current classification assignments
--uploaddiagnosticsUpload diagnostics files to server
--usersShows logged on users
--volumesDisplays volume information