VMware Carbon Black Cloud for Splunk SOAR app icon

VMware Carbon Black Cloud for Splunk SOAR

Carbon Black Cloud App for Splunk SOAR

Built by
soar product badge
Latest Version 2.0.1
April 30, 2025
Compatibility
SOAR On-Prem, SOAR Cloud
Platform Version: 8.4, 8.0, 7.2, 7.1, 7.0, 6.4, 6.3, 6.2, 6.1
Rating

0

(0)

Log in to rate this app
Support
VMware Carbon Black Cloud for Splunk SOAR support icon
Developer Supported connector
Carbon Black Cloud App for Splunk SOAR

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity with the supplied configuration
  • on poll: Callback action for the on_poll ingest functionality
  • normalize artifact: Normalize artifact ingested by Splunk App for Splunk Phantom
  • dismiss alert: Dismiss Carbon Black Cloud alert
  • dismiss future alerts: Dismiss Carbon Black Cloud all future alerts
  • get enriched event: Get Enriched Event
  • get observations: Get Observations
  • get file: Get File
  • delete file: Delete File
  • get binary file: Get Binary File
  • kill process: Kill process on Carbon Black Cloud endpoint
  • get binary metadata: Get binary metadata from Carbon Black Cloud
  • get process metadata: Get Process Metadata
  • quarantine device: Quarantine device in Carbon Black Cloud
  • unquarantine device: Unquarantine device in Carbon Black Cloud
  • ban hash: Ban process by hash in Carbon Black Cloud
  • unban hash: Unban process by hash in Carbon Black Cloud
  • list policies: List device policies in Carbon Black Cloud
  • set device policy: Set device policy of a Carbon Black Cloud endpoint
  • add ioc: Add IOC to feed/watchlist in Carbon Black Cloud
  • remove watchlist ioc: Remove IOC from watchlist in Carbon Black Cloud
  • remove feed ioc: Remove IOC from feed in Carbon Black Cloud
  • list processes: List processes on a device in Carbon Black Cloud
  • execute command: Execute command on a device in Carbon Black Cloud
  • create report: Create a report in Carbon Black Cloud
  • delete report: Delete a report in Carbon Black Cloud feed or watchlist
  • create feed: Create a feed in Carbon Black Cloud
  • create watchlist: Create a watchlist in Carbon Black Cloud
  • delete feed: Delete a feed in Carbon Black Cloud
  • delete watchlist: Delete a watchlist in Carbon Black Cloud
  • retrieve watchlist: Retrieve a watchlist in Carbon Black Cloud
  • retrieve feed: Retrieve a feed in Carbon Black Cloud
  • retrieve iocs: Retrieve IOCs for a given report in Carbon Black Cloud
  • update feed: Update a feed in Carbon Black Cloud
  • update watchlist: Update a watchlist in Carbon Black Cloud
  • get scheduled task: Get Scheduled Task Created in Carbon Black Cloud
  • get cron jobs: Get Cron Jobs in Carbon Black Cloud
  • get asset info: Get Asset Info
  • get cleared eventlogs: Get Cleared Event Logs
  • list persistence locations: List Windows Persistence Locations
  • get rdp info: Get RDP Connection Information
  • list logged users: List Logged In Users

Categories

Endpoint

Created By

SOAR Community

Source Code

carbonblackcloud(Opens new window)

Type

connector

Downloads

480

Licensing

2-clause BSD License(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing