Carbon Black Cloud Playbooks for Splunk SOAR


Currently one playbook is available for Carbon Black Cloud: the Carbon Black Cloud Alert Playbook, which automates reactions to an alert.

Setup

  • See the Splunk SOAR documentation for how to access the source control settings in Splunk SOAR.
  • Under Repo URL, enter https://github.com/carbonblack/splunk-soar-content.git
  • Under Branch Name, enter main
  • Leave both the Username and the Password or access token fields blank.
  • Under Repo name, enter cbc-playbooks and click Save.
  • Click the "Update from source control" button and choose your new Repo entry from the Source to update from drop-down.
  • Type the name of the playbook (CBC Alerts) in the search bar below the drop-down menu.

Playbooks

The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. It includes basic actions for managing alerts and gathering endpoint information, plus additional actions that are available for certain alert types.


Last modified on February 3, 2023