Back to Blogs
Announcing Carbon Black Cloud App v2.0.0 for Splunk SOAR
Announcing Carbon Black Cloud App v2.0.0 for Splunk SOAR
Posted on February 13, 2024
We’re pleased to announce a new release of Carbon Black Cloud App for Splunk SOAR. One of the headline features of this release is the seamless transition from Alerts v6 to the more advanced Alerts v7.
There are some breaking changes, so check out the Release Notes and the User Guide before you install the new version of the app.
New Features
- Upgraded to use the Alerts v7 API
- Customers will have access to significantly improved metadata and alert types. A complete list of new, renamed, and removed fields is available in the Migration Guide.
- See this blog for more information about the benefits of the Alert v7 API.
- Some customers may see a decrease in alert volume, as Observed alerts have migrated to Observations.
- All Alert types are ingested; Host Based Firewall and Intrusion Detection System have been added.
- New action to enrich Carbon Black Cloud Alerts with Observations (
get observations
) - New action to pull scheduled tasks for Linux users (
get cronjobs
) - Updated action to get scheduled tasks for Windows users to get the scheduled tasks created by both the Windows GUI tool and via the command line.
Breaking Changes
Version 2.0.0 contains breaking changes.
Breaking Changes:
- Alerts ingest has been changed to Alert API v7. Some fields in the earlier versions have been renamed or removed from the new versions.
- An additional permission is needed to close alerts: Background Tasks - jobs.status - READ)
- The Alert Action
get enriched event
has been deprecated and will be deactivated September 5, 2024 . The actionget observations
has been added and can enrich more Alert types.
Resources:
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
- Report bugs and change requests to Carbon Black Support
- Subscribe to the Developer Network Newsletter