Skip to content

carbonblack/splunk-soar-content

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

custom_functions

custom_functions

 
 

CBC Alerts.json

CBC Alerts.json

 
 

CBC Alerts.py

CBC Alerts.py

 
 

CBC Assets.json

CBC Assets.json

 
 

CBC Assets.py

CBC Assets.py

 
 

README.md

README.md

 
 

get_process_analysis_url.json

get_process_analysis_url.json

 
 

get_process_analysis_url.py

get_process_analysis_url.py

 
 

Repository files navigation

splunk-soar-content

A public repository for Splunk SOAR playbooks that use the VMware Carbon Black Cloud App.

Overview:

The Carbon Black Cloud Alert Playbook strings together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and there are additional actions available per certain alert types. For information about the Carbon Black Cloud Splunk App and how to use this playbook, visit the Carbon Black Developer Network

Configure the repository in Splunk SOAR

  • In Splunk SOAR, go to the playbooks page
  • Click the "Manage source control" button
  • Under the "Repositories" drop-down select "Configure a new repository"
  • Under "Repo URL" put "https://github.com/carbonblack/splunk-soar-content.git"
  • Under "Branch name" put "main"
  • Under "Repo name" put "cbc-playbooks"
  • Leave "Username" and "Password" fields empty
  • Click "Save"
  • Back to the playbooks page click the "Update from source control" button
  • On the "Source to update from" choose your newly created repository name

About

No description, website, or topics provided.

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages