Latest Version 2.0.1
April 30, 2025
Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
VMware Carbon Black Cloud for Splunk SOAR
Carbon Black Cloud App for Splunk SOAR
Built by
Compatibility
SOAR On-Prem, SOAR Cloud
Platform Version: 8.4, 8.0, 7.2, 7.1, 7.0, 6.4, 6.3, 6.2, 6.1
Rating
0
(0)
Log in to rate this app
Support
Developer Supported connector
Carbon Black Cloud App for Splunk SOAR
Supported Actions
- test connectivity: Validate the asset configuration for connectivity with the supplied configuration
- on poll: Callback action for the on_poll ingest functionality
- normalize artifact: Normalize artifact ingested by Splunk App for Splunk Phantom
- dismiss alert: Dismiss Carbon Black Cloud alert
- dismiss future alerts: Dismiss Carbon Black Cloud all future alerts
- get enriched event: Get Enriched Event
- get observations: Get Observations
- get file: Get File
- delete file: Delete File
- get binary file: Get Binary File
- kill process: Kill process on Carbon Black Cloud endpoint
- get binary metadata: Get binary metadata from Carbon Black Cloud
- get process metadata: Get Process Metadata
- quarantine device: Quarantine device in Carbon Black Cloud
- unquarantine device: Unquarantine device in Carbon Black Cloud
- ban hash: Ban process by hash in Carbon Black Cloud
- unban hash: Unban process by hash in Carbon Black Cloud
- list policies: List device policies in Carbon Black Cloud
- set device policy: Set device policy of a Carbon Black Cloud endpoint
- add ioc: Add IOC to feed/watchlist in Carbon Black Cloud
- remove watchlist ioc: Remove IOC from watchlist in Carbon Black Cloud
- remove feed ioc: Remove IOC from feed in Carbon Black Cloud
- list processes: List processes on a device in Carbon Black Cloud
- execute command: Execute command on a device in Carbon Black Cloud
- create report: Create a report in Carbon Black Cloud
- delete report: Delete a report in Carbon Black Cloud feed or watchlist
- create feed: Create a feed in Carbon Black Cloud
- create watchlist: Create a watchlist in Carbon Black Cloud
- delete feed: Delete a feed in Carbon Black Cloud
- delete watchlist: Delete a watchlist in Carbon Black Cloud
- retrieve watchlist: Retrieve a watchlist in Carbon Black Cloud
- retrieve feed: Retrieve a feed in Carbon Black Cloud
- retrieve iocs: Retrieve IOCs for a given report in Carbon Black Cloud
- update feed: Update a feed in Carbon Black Cloud
- update watchlist: Update a watchlist in Carbon Black Cloud
- get scheduled task: Get Scheduled Task Created in Carbon Black Cloud
- get cron jobs: Get Cron Jobs in Carbon Black Cloud
- get asset info: Get Asset Info
- get cleared eventlogs: Get Cleared Event Logs
- list persistence locations: List Windows Persistence Locations
- get rdp info: Get RDP Connection Information
- list logged users: List Logged In Users
Categories
Endpoint
Created By
SOAR Community
Source Code
carbonblackcloud(Opens new window)Type
connector
Downloads
467
Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing