Carbon Black Cloud Playbooks for Splunk SOAR
Currently there are two playbooks available for Carbon Black Cloud, CBC Alerts and CBC Assets, which automate reactions to an alert based on alert or asset properties.
Setup
- Check the Splunk SOAR documentation on how to access the source control settings in Splunk SOAR.
- Under Repo URL put https://github.com/carbonblack/splunk-soar-content.git
- Under Branch Name put main
- Leave both Username and Password or access token blank.
- Under Repo name put cbc-playbooks and click Save.
- Click the "Update from source control" button and choose your new Repo entry from the Source to update from drop-down.
- Type the name of the playbook (CBC Alerts) in the search bar below the drop-down menu.
Playbooks
The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and there are additional actions available for certain alert types.
The Carbon Black Cloud Asset Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR based on endpoint device details. There are basic actions for managing alerts and endpoints.
Last modified on May 5, 2023