Carbon Black Enterprise Protection

Details
Content
Dependencies
Version History

Carbon Black Enterprise Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.

Automations

Name	Description
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPFindComputer	Find a computer in CBEP/Bit9.
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).

Automations

Name	Description
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPFindComputer	Find a computer in CBEP/Bit9.
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.0.49 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.0.48 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.0.47 - 5591931 (October 27, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41061

Download

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

1.0.49 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.0.48 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.0.47 - 5591931 (October 27, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41061

Download

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	December 29, 2020
Last Release	March 23, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.