Back to Blogs

Announcing VMware Carbon Black Cloud App v1.0.0 for Splunk SOAR

Posted on January 18, 2023

Carbon Black Cloud Integration with Splunk SOAR

We are proud to announce the first release of a unified integration connecting the VMware Carbon Black Cloud platform with Splunk SOAR. Through this application, customers can integrate Carbon Black Cloud actions and data into Splunk SOAR workflows using a single application. Additionally, customers can integrate their endpoint protection platform functionality either directly from the Carbon Black Cloud, or from Splunk SIEM (using the Splunk App for Splunk SOAR), and eliminate the need for outdated or custom-built integrations.


  • Ingest CBC Alerts either directly via the REST API or via Splunk Enterprise via the Splunk app for Splunk SOAR
  • Over 30 SOAR actions that can be used in custom playbooks tailored to the customer’s environment or use case, including Live Response actions that are executed on the endpoints
  • Example playbooks that can be readily deployed


  • Orchestrate and automate Carbon Black Cloud actions
  • Operationalize your Carbon Black Cloud data with speed and confidence
  • Reduce pivoting between consoles by integrating endpoint context and response actions directly into the Splunk SOAR console


Have questions or feedback?