Carbon Black Cloud Playbooks for Splunk SOAR
Currently there is one playbook, Carbon Black Cloud Alert Playbook, available for Carbon Black Cloud which automates reactions to an alert.
- Check the Splunk SOAR documentation on how to access the source control settings in Splunk SOAR
- Leave both "Password or access token" blank
- Click the "Update from source control" button and choose your new Repo entry from the "Source to update from" drop-down.
- Type the name of the playbook (CBC Alerts) in the search bar below the drop-down menu.
The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and there are additional actions available for certain alert types.