Carbon Black Enterprise Protection

Details
Content
Dependencies
Version History

Carbon Black Enterprise Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.

Automations

Name	Description
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPFindComputer	Find a computer in CBEP/Bit9.
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.

Automations

Name	Description
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPFindComputer	Find a computer in CBEP/Bit9.
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.1.1 - 8429843 (April 23, 2026)

Integrations

VMware Carbon Black App Control v2

Fixed an issue where an invalid HTTP request was sent as part of the cbp-user-disable command.

Related pull requests:
- 43985

Download

1.1.0 - 8315166 (April 16, 2026)

Integrations

VMware Carbon Black App Control v2

Added support for the cbp-user-disable command that sends request to disable user account.
Added support for the cbp-user-data-get command that retrieves all user account data.
Updated the Docker image to: demisto/python3:3.12.13.8294662.

Related pull requests:
- 43926
- 43696

Download

1.0.49 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.0.48 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.0.47 - 5591931 (October 27, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41061

Download

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

1.1.1 - 8429843 (April 23, 2026)

Integrations

VMware Carbon Black App Control v2

Fixed an issue where an invalid HTTP request was sent as part of the cbp-user-disable command.

Related pull requests:
- 43985

Download

1.1.0 - 8315166 (April 16, 2026)

Integrations

VMware Carbon Black App Control v2

Added support for the cbp-user-disable command that sends request to disable user account.
Added support for the cbp-user-data-get command that retrieves all user account data.
Updated the Docker image to: demisto/python3:3.12.13.8294662.

Related pull requests:
- 43926
- 43696

Download

1.0.49 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.0.48 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.0.47 - 5591931 (October 27, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41061

Download

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	December 29, 2020
Last Release	April 23, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.