Carbon Black Cloud Splunk App - Release Notes

Release notes

Version 1.1.10

  • New Features

    • New Modular Input for Authentication Events
    • New Alert Action to enrich Alerts with related Observations
      • More detail about observations is available here
  • Improvements

    • On the configuration page, the label Disabled has been changed to Active
  • Fixes

    • Fixed logic regression with Live Query Inputs
    • In multiple modular inputs, IP addresses in decimal notation are converted to string notation
    • Improved mapping between Data Forwarder input and Dashboards

Version 1.1.9

  • Fixes
    • Updated Alert Actions for better consistency
    • Reviewed and updated for CIM 5.1

Version 1.1.8

  • Fixes
    • Fixed Carbon Black Cloud configuration of Alert Actions not being displayed in Splunk Cloud

Version 1.1.7

  • Fixes
    • Updated vulnerability input to better paginate large data sets. 10K is now the default limit per request.
    • Update Alert Actions for better Enterprise Security integration.
    • Fixed bug in main index configuration interface.

Version 1.1.6

  • Fixes
    • Updated Alert Action to allow Splunk index naming conventions.

Version 1.1.5

  • Fixes
    • Updated client handler to process more than 2500 remediation results without a failure in code.
    • Updated client handler to capture 410 errors on live query result histories, and save the checkpoint.
    • Backoff timing when making API calls for the ProcessGUID action for calls that take a longer period to complete.

Version 1.1.4

Version 1.1.3

  • Fixes
    • Set trigger to reload custom config files
    • Removed settings that are not used
    • Removed links to a deprecated library

Version 1.1.2

  • Improvements
    • Set SimpleXML Version Tag
  • Fixes
    • Check Splunk 8.1 and 8.2 compatibility with jQuery 3.5
    • Add validation checks for trailing slash on Carbon Black Cloud URL
    • Prevent App showing CBC and EDR alert Actions
    • Fix broken tabs in Splunk 8.2

Version 1.1.1

Version 1.1.0

  • New Features
    • Data Input - Audit Logs
    • Data Input - Live Query Results
    • Data Input - Vulnerability Assessment
    • Dashboard - Devices
    • Dashboard - Processes
    • Dashboard - Vulnerabilities
    • Alert Action - Run Live Query
    • Alert Action - Dismiss Alert
    • Alert Action - Update Device Policy
    • Alert Action - Process GUID Details
    • Alert Action - Ban Hash
    • Alert Action - Enrich CB Analytic Events
    • Command - CBC Device Info
    • Command - CBC Hash Info
  • Improvements
    • Events Dashboard performance improvements
    • Update “Top 10 CB Analytics” panel
    • Stability improvements in Alerts Inputs

Version 1.0.0

  • Initial Release


Last modified on August 17, 2023