Carbon Black Cloud Splunk App - Release Notes
- Fixed an issue where the Carbon Black Cloud configuration of Alert Actions was not displayed in Splunk Cloud.
- Updated the vulnerability input to paginate large data sets more reliably. 10K is now the default limit per request.
- Update Alert Actions for better Enterprise Security integration.
- Fixed bug in main index configuration interface.
- Updated Alert Action to allow Splunk index naming conventions.
- Updated client handler to process more than 2500 remediation results without a failure in code.
- Updated client handler to capture 410 errors on live query result histories, and save the checkpoint.
- Backoff timing when making API calls for the ProcessGUID action for calls that take a longer period to complete.
- Improved reliability of saving new & updated app configurations
- Added source type for Watchlist Hits via the Data Forwarder, vmware:cbc:s3:watchlist:hits
- Set trigger to reload custom config files
- Removed settings that are not used
- Removed links to a deprecated library
- Set SimpleXML Version Tag
- Check Splunk 8.1 and 8.2 compatibility with jQuery 3.5
- Add validation checks for trailing slash on Carbon Black Cloud URL
- Prevent App showing CBC and EDR alert Actions
- Fix broken tabs in Splunk 8.2
- Updated CBC SDK to v1.2.3 - Release Notes
- Added a warning when more than one VMware CBC App is installed on the node. If you see this message, reference the Deployment Guide below and delete extra copies of VMware CBC apps/add-ons.
- Added an app configuration demo video
- Added a Splunk FAQ to Developer Network
- Fixed Proxy issue
- Fixed error with Checkboxes on Proxy Configuration Tab
- Updated logging modules to respect log.cfg settings
- Data Input - Audit Logs
- Data Input - Live Query Results
- Data Input - Vulnerability Assessment
- Dashboard - Devices
- Dashboard - Processes
- Dashboard - Vulnerabilities
- Alert Action - Run Live Query
- Alert Action - Dismiss Alert
- Alert Action - Update Device Policy
- Alert Action - Process GUID Details
- Alert Action - Ban Hash
- Alert Action - Enrich CB Analytic Events
- Command - CBC Device Info
- Command - CBC Hash Info
- Events Dashboard performance improvements
- Update “Top 10 CB Analytics” panel
- Stability improvements in Alerts Inputs
- Initial Release