Find the rule state for a hash value in CBEP/Bit9.
Carbon Black Enterprise Protection
- Details
- Content
- Dependencies
- Version History
Carbon Black Enterprise Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.
Automations
| Name | Description |
|---|---|
| CBPFindRule | |
| CBPBanHash | Deprecated. Use the cbp-fileRule-createOrUpdate command instead. |
| CBPCatalogFindHash | Search the CBP/Bit9 file catalog for an md5 hash. |
| CBPApproveHash | Deprecated. Use the cbp-fileRule-createOrUpdate command instead. |
| CBPFindComputer | Find a computer in CBEP/Bit9. |
Integrations
| Name | Description |
|---|---|
| VMware Carbon Black App Control v2 | VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs. |
Playbooks
| Name | Description |
|---|---|
| Search Endpoints By Hash - Carbon Black Protection | Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection. |
| Carbon black Protection Rapid IOC Hunting | Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9). |
Automations
| Name | Description |
|---|---|
| CBPCatalogFindHash | Search the CBP/Bit9 file catalog for an md5 hash. |
| CBPApproveHash | Deprecated. Use the cbp-fileRule-createOrUpdate command instead. |
| CBPBanHash | Deprecated. Use the cbp-fileRule-createOrUpdate command instead. |
| CBPFindRule | Find the rule state for a hash value in CBEP/Bit9. |
| CBPFindComputer | Find a computer in CBEP/Bit9. |
Integrations
| Name | Description |
|---|---|
| VMware Carbon Black App Control v2 | VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs. |
Playbooks
| Name | Description |
|---|---|
| Search Endpoints By Hash - Carbon Black Protection | Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection. |
| Carbon black Protection Rapid IOC Hunting | Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9). |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (3)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
1.0.43 - 1718057 (November 28, 2024)
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
Integrations
VMware Carbon Black App Control v2
- Updated the Docker image to: demisto/python3:3.11.10.115186.
Scripts
CBPCatalogFindHash
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CBPFindComputer
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CBPFindRule
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | December 29, 2020 | |
| Last Release | November 28, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
