Currently there are two playbooks available for Carbon Black Cloud, CBC Alerts and CBC Assets, which automate reactions to an alert based on alert or asset properties.
Under Repo URL put https://github.com/carbonblack/splunk-soar-content.git
Under Branch Name put main
Leave both the Username and the Password or access token fields blank
Under Repo name put cbc-playbooks and click Save
Click the "Update from source control" button and choose your new Repo entry from the "Source to update from" drop-down.
Type the name of the playbook (CBC Alerts) in the search bar below the drop-down menu.
Playbooks
The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and there are additional actions available for certain alert types.
The Carbon Black Cloud Asset Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR based on endpoint device details. There are basic actions for managing alerts and endpoints.