Carbon Black Cloud Splunk App - Release Notes
Version 1.1.8
Fixes
- Fixed Carbon Black Cloud configuration of Alert Actions not being displayed in Splunk Cloud.
Version 1.1.7
Fixes
- Updated vulnerability input to better handle pagination of large data sets. 10K is now the default limit per request.
- Update Alert Actions for better Enterprise Security integration.
- Fixed bug in main index configuration interface.
Version 1.1.6
Fixes
- Updated Alert Action to allow Splunk index naming conventions.
Version 1.1.5
Fixes
- Updated client handler to process more than 2500 remediation results without a failure in code.
- Updated client handler to capture 410 errors on live query result histories, and save the checkpoint.
- Backoff timing for ProcessGUID action API calls that take a longer period to complete.
Version 1.1.4
Improvements
- Improved reliability of saving new & updated app configurations
- Added source type for Watchlist Hits via the Data Forwarder, vmware:cbc:s3:watchlist:hits
Version 1.1.3
Fixes
- Set trigger to reload custom config files
- Removed settings that are not used
- Removed links to a deprecated library
Version 1.1.2
Improvements
- Set SimpleXML Version Tag
Fixes
- Check Splunk 8.1 and 8.2 compatibility with jQuery 3.5
- Add validation checks for trailing slash on Carbon Black Cloud URL
- Prevent app from showing CBC and EDR Alert Actions
- Fix broken tabs in Splunk 8.2
Version 1.1.1
Known Issues
Improvements
- Updated CBC SDK to v1.2.3 - Release Notes
- Added a warning when more than one VMware CBC App is installed on the node. If you see this message, refer to the Deployment Guide below and delete extra copies of VMware CBC apps/add-ons.
- Added an app configuration demo video
- Added a Splunk FAQ to Developer Network
Fixes
- Fixed Proxy issue
- Fixed error with checkboxes on Proxy Configuration tab
- Updated logging modules to respect log.cfg settings
Version 1.1.0
New Features
- Data Input - Audit Logs
- Data Input - Live Query Results
- Data Input - Vulnerability Assessment
- Dashboard - Devices
- Dashboard - Processes
- Dashboard - Vulnerabilities
- Alert Action - Run Live Query
- Alert Action - Dismiss Alert
- Alert Action - Update Device Policy
- Alert Action - Process GUID Details
- Alert Action - Ban Hash
- Alert Action - Enrich CB Analytic Events
- Command - CBC Device Info
- Command - CBC Hash Info
Improvements
- Events Dashboard performance improvements
- Update “Top 10 CB Analytics” panel
- Stability improvements in Alerts Inputs
Version 1.0.0
- Initial Release