Splunk SOAR - Release Notes
Version 1.1.0
- New actions that operate on Carbon Black Cloud objects:
  - dismiss future alerts: Dismiss all future Carbon Black Cloud alerts
  - get asset info: Get Asset Info
  - get cleared eventlogs: Get Cleared Event Logs
  - get rdp info: Get RDP Connection Information
  - get scheduled task: Get Scheduled Task Created in Carbon Black Cloud
  - list logged users: List Logged In Users from Carbon Black Cloud LiveQuery
  - list persistence locations: List Windows Persistence Locations
Version 1.0.1
- Carbon Black Cloud Alerts ingestion via the REST API:
- Configurable alert types
- Configurable minimum alert severity
- Proxy support (via either global or per-asset HTTPS_PROXY environment variable)
- A number of actions that operate on Carbon Black Cloud objects:
  - update watchlist: Update a watchlist in Carbon Black Cloud
  - update feed: Update a feed in Carbon Black Cloud
  - retrieve iocs: Retrieve IOCs for a given report in Carbon Black Cloud
  - retrieve feed: Retrieve a feed in Carbon Black Cloud
  - retrieve watchlist: Retrieve a watchlist in Carbon Black Cloud
  - delete watchlist: Delete a watchlist in Carbon Black Cloud
  - delete feed: Delete a feed in Carbon Black Cloud
  - create watchlist: Create a watchlist in Carbon Black Cloud
  - create feed: Create a feed in Carbon Black Cloud
  - delete report: Delete a report in a Carbon Black Cloud feed or watchlist
  - create report: Create a report in Carbon Black Cloud
  - execute command: Execute a command on a device in Carbon Black Cloud
  - list processes: List processes on a device in Carbon Black Cloud
  - remove feed ioc: Remove an IOC from a feed in Carbon Black Cloud
  - remove watchlist ioc: Remove an IOC from a watchlist in Carbon Black Cloud
  - add ioc: Add an IOC to a feed/watchlist in Carbon Black Cloud
  - set device policy: Set the device policy of a Carbon Black Cloud endpoint
  - list policies: List device policies in Carbon Black Cloud
  - unban hash: Unban a process by hash in Carbon Black Cloud
  - ban hash: Ban a process by hash in Carbon Black Cloud
  - unquarantine device: Unquarantine a device in Carbon Black Cloud
  - quarantine device: Quarantine a device in Carbon Black Cloud
  - get process metadata: Get Process Metadata
  - get binary metadata: Get binary metadata from Carbon Black Cloud
  - kill process: Kill a process on a Carbon Black Cloud endpoint
  - get binary file: Get Binary File
  - delete file: Delete File
  - get file: Get File
  - get enriched event: Get Enriched Event
  - dismiss alert: Dismiss a Carbon Black Cloud alert
- The normalize artifact action, which normalizes artifacts ingested by the Splunk App for Splunk SOAR
Last modified on May 4, 2023