The Carbon Black Cloud App for Splunk SOAR allows administrators and security analysts to leverage the industry leading cloud-based, next generation anti-virus solution to prevent malware and non-malware attacks.

The Carbon Black Cloud App for Splunk SOAR gives access to alerts through the REST API and provides a set of actions that allow you to orchestrate and automate complex tasks within the enterprise environment.

The Carbon Black Cloud App for Splunk SOAR contains 42 SOAR actions.


  • Access to Carbon Black Cloud
  • Splunk SOAR version 5.3.0+

Data Ingestion

There are two methods of data ingestion:

Data ingestion requires a custom type API key for data inputs and SOAR actions.

Additional Resources and Support

  • Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
  • View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.
  • Report bugs and submit change requests to Broadcom Carbon Black Support.