Viewing Carbon Black Cloud Playbooks for Splunk SOAR

Two Carbon Black Cloud playbooks are available to automate reactions to an alert based on alert or asset properties.

Carbon Black Cloud Alert Playbook

The Carbon Black Cloud Alert Playbook is available from 1.0.0.

The Carbon Black Cloud Playbook pulls together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR. There are basic actions for managing alerts and gathering endpoint information, and there are additional actions available per certain alert types.

Flowchart of alerts playbook

Carbon Black Cloud Asset Playbook

The Carbon Black Cloud Asset Playbook is available from 1.1.0.

The Carbon Black Cloud Asset Playbook pulls together various actions to help you automate the orchestration and remediation of alerts in Carbon Black Cloud from within Splunk SOAR based on endpoint device details. There are basic actions for managing alerts and endpoints.

Flowchart of assets playbook