Carbon Black Cloud Splunk App - Release Notes
Version 1.1.10
New Features
- New Modular Input for Authentication Events
- New Alert Action to enrich Alerts with related Observations
- More detail about observations is available here
Improvements
- On the configuration page, the label Disabled has been changed to Active
Fixes
- Fixed logic regression with Live Query Inputs
- In multiple modular inputs, decimal-notation IP addresses are converted to string notation
- Improved mapping between Data Forwarder input and Dashboards
Version 1.1.9
Fixes
- Updated Alert Actions for better consistency
- Reviewed and updated for CIM 5.1
Version 1.1.8
Fixes
- Fixed Carbon Black Cloud configuration of Alert Actions not being displayed in Splunk Cloud
Version 1.1.7
Fixes
- Updated vulnerability input to better paginate large data sets. 10K is now the default limit per request.
- Update Alert Actions for better Enterprise Security integration.
- Fixed bug in main index configuration interface.
Version 1.1.6
Fixes
- Updated Alert Action to allow Splunk index naming conventions.
Version 1.1.5
Fixes
- Updated client handler to process more than 2500 remediation results without a failure in code.
- Updated client handler to capture 410 errors on live query result histories, and save the checkpoint.
- Backoff timing when making API calls for the ProcessGUID action for calls that take a longer period to complete.
Version 1.1.4
Improvements
- Improved reliability of saving new & updated app configurations
- Added source type for Watchlist Hits via the Data Forwarder, vmware:cbc:s3:watchlist:hits
Version 1.1.3
Fixes
- Set trigger to reload custom config files
- Removed settings that are not used
- Removed links to a deprecated library
Version 1.1.2
Improvements
- Set SimpleXML Version Tag
Fixes
- Check Splunk 8.1 and 8.2 compatibility with jQuery 3.5
- Add validation checks for trailing slash on Carbon Black Cloud URL
- Prevent App showing CBC and EDR alert Actions
- Fix broken tabs in Splunk 8.2
Version 1.1.1
Known Issues
Improvements
- Updated CBC SDK to v1.2.3 - Release Notes
- Added a warning when more than one VMware CBC App is installed on the node. If you see this message, reference the Deployment Guide below and delete extra copies of VMware CBC apps/add-ons
- Added an app configuration demo video
- Added a Splunk FAQ to Developer Network
Fixes
- Fixed Proxy issue
- Fixed error with Checkboxes on Proxy Configuration Tab
- Updated logging modules to respect log.cfg settings
Version 1.1.0
New Features
- Data Input - Audit Logs
- Data Input - Live Query Results
- Data Input - Vulnerability Assessment
- Dashboard - Devices
- Dashboard - Processes
- Dashboard - Vulnerabilities
- Alert Action - Run Live Query
- Alert Action - Dismiss Alert
- Alert Action - Update Device Policy
- Alert Action - Process GUID Details
- Alert Action - Ban Hash
- Alert Action - Enrich CB Analytic Events
- Command - CBC Device Info
- Command - CBC Hash Info
Improvements
- Events Dashboard performance improvements
- Update “Top 10 CB Analytics” panel
- Stability improvements in Alerts Inputs
Version 1.0.0
- Initial Release
Last modified on August 17, 2023