Hello team,
I am confused to see multiple apps of Carbon Black for SOAR. Can you please suggest which one is preferable in which use case?
They seem to correspond to different Carbon Black products:
https://splunkbase.splunk.com/app/5775 - Carbon Black App Control (formerly Bit9)
https://splunkbase.splunk.com/app/5774 - Carbon Black Defense
https://splunkbase.splunk.com/app/5947 - Carbon Black Response
https://splunkbase.splunk.com/app/6732 - VMware Carbon Black Cloud
Which Carbon Black product are you using? If you have a contact with your Carbon Black license then perhaps you can ask them which is the most appropriate SOAR connector for your Carbon Black products. Or you could try your API keys on each product and see which one succeeds in its actions.
Thanks @marnall, I will talk to the CB team for clarity. Thanks for informing me about the different product types of Carbon Black. I required a live query action in the CB cloud app but did not find it, so I was thinking I might use another CB app. I found the action in splunk-soar-connectors/carbonblackresponse but have not yet tested whether it will work for CB cloud. Otherwise I need to call the CB cloud APIs directly to execute the query. I have submitted an issue for the CB cloud app to include this as an action: Carbon Black live query to search devices is absent within Carbon Black cloud SOAR app · Issue #16 ·....