Context Releases Open-Source Incident Response Tool for Carbon Black’s CB Response to Help Speed Analysis

LONDON & WALTHAM, Mass. – (Nov 17, 2017) – Leading cybersecurity consultancy, Context Information Security, and Carbon Black, the leader in next-generation endpoint security, today announced the availability of a new open-source incident response tool for Carbon Black’s market-leading endpoint detection and response (EDR) solution, CB Response.

The new CB Response Command Line Interface (CbRCLI) tool speeds up the live analysis of malicious activity across IT systems and provides a feature-rich interface for quickly performing searches and retrieving large amounts of information. The tool also delivers a fast and effective means of querying and filtering results.

CbRCLI works alongside the Carbon Black web interface for the bulk analysis of data and is designed to be accessible to people of all technical abilities and backgrounds. Its powerful suggestion and autocomplete functionality speeds up analysis and reduces entry mistakes, while data is displayed in tabular format, allowing users to specify the relevant fields.

“Being able to quickly search the vast amount of data Carbon Black stores from the endpoints helps us quickly and accurately identify the anomalies – the data that needs more careful attention from analysts,” said Russell Hole, lead analysis consultant at Context Information Security. “By taking advantage of the comprehensive API provided by CB Response, we have been able to bring some of the data client-side and therefore provide functionality that’s harder to implement server-side, for example, applying regex filters to any field. We use the tool a lot and we’re now really happy to share with the IR community.”

“Context’s CbRCLI tool provides a powerful, text-based interface for CB Response that is very valuable in environments where systems may be locked down or where incident responders prefer a more Linux command shell-type interface for dealing with large amounts of data,” said Jim Raine, director of Carbon Black technical alliances. “This tool is valuable to any security professional looking for faster and more conclusive answers during an engagement.”

CbRCLI is available via Context GitHub page at:

A video on CbRCLI may be viewed at:

About Context

Context is a leading cyber security consultancy with a comprehensive portfolio of advisory and advanced technical services, from network security monitoring, penetration testing and assurance to rapid incident response and intrusion analysis, training and technical security research. Context is focused on helping clients avoid potential breaches and to deter, detect and respond to the most sophisticated cyber-attacks.

Established in 1998, Context is certified by NCSC and CPNI in the UK for the Cyber Incident Response scheme and helped to establish the not-for-profit industry body CREST and its associated standards and accreditations.

Context’s client base includes some of the world’s leading blue chip companies, alongside public sector and government organisations, for technical assurance, incident response and investigation services. An exceptional level of technical expertise and detailed methodology underpin all Context services and help clients to attain a deeper understanding of security vulnerabilities, threats and incidents. With offices in the UK, US, Australia and Germany, Context is ideally placed to work with clients worldwide.  

For more information for editors or images, please contact:

Peter Rennison / Sam Morgan, PRPR

Tel +44 (0)1442 245030

About Carbon Black

Carbon Black is the leading provider of next-generation endpoint security. With more than 13 million endpoints under management, Carbon Black has more than 3,000 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.