Carbon Black Cloud Playbooks for Splunk SOAR


Currently there are two playbooks available for Carbon Black Cloud, CBC Alerts and CBC Assets, which automate reactions to an alert based on alert properties or asset properties respectively.

Setup

  • Check the Splunk SOAR documentation on how to access the source control settings in Splunk SOAR.
  • Under Repo URL, enter https://github.com/carbonblack/splunk-soar-content.git
  • Under Branch Name, enter main
  • Leave both the Username and the Password or access token fields blank.
  • Under Repo name, enter cbc-playbooks and click Save.
  • Click the "Update from source control" button and choose your new repo entry from the "Source to update from" drop-down.
  • Type the name of the playbook (for example, CBC Alerts) in the search bar below the drop-down menu.

Playbooks

The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and additional actions are available for certain alert types.

The Carbon Black Cloud Asset Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR, based on the details of the endpoint device involved. There are basic actions for managing alerts and endpoints.


Last modified on May 5, 2023