Announcing Carbon Black Cloud App v2.0.0 for Splunk SOAR

Posted on February 13, 2024


We’re pleased to announce a new release of Carbon Black Cloud App for Splunk SOAR. One of the headline features of this release is the seamless transition from Alerts v6 to the more advanced Alerts v7.

There are some breaking changes, so check out the Release Notes and the User Guide before you install the new version of the app.

New Features

  • Upgraded to use the Alerts v7 API
    • Customers will have access to significantly improved metadata and alert types. A complete list of new, renamed, and removed fields is available in the Migration Guide.
    • See this blog for more information about the benefits of the Alert v7 API.
    • Some customers may see a decrease in alert volume, as Observed alerts have migrated to Observations.
    • All Alert types are ingested; Host Based Firewall and Intrusion Detection System have been added.
  • New action to enrich Carbon Black Cloud Alerts with Observations (get observations)
  • New action to pull scheduled tasks for Linux users (get cronjobs)
  • Updated the action that gets scheduled tasks for Windows users so that it returns tasks created both through the Windows GUI tool and from the command line.

Breaking Changes

Version 2.0.0 contains the following breaking changes:

  • Alerts ingest has been changed to Alert API v7. Some fields from the earlier API versions have been renamed or removed in v7.
  • An additional permission is needed to close alerts: Background Tasks - jobs.status - READ.
  • The Alert action get enriched event has been deprecated and will be deactivated on July 31, 2024. The action get observations has been added and can enrich more Alert types.

Resources: