Carbon Black Enterprise Protection

Details
Content
Dependencies
Version History

Carbon Black Enterprise Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.

Automations

Name	Description
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPFindComputer	Find a computer in CBEP/Bit9.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).

Automations

Name	Description
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPBanHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPApproveHash	Deprecated. Use the cbp-fileRule-createOrUpdate command instead.
CBPFindComputer	Find a computer in CBEP/Bit9.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Playbooks

Name	Description
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

1.0.43 - R1973041 (January 13, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Scripts

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.11.10.115186.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.11.10.115186.

CBPFindRule

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.0.42 - R1681986 (November 21, 2024)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

1.0.46 - 4583601 (August 20, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

1.0.45 - 4096037 (July 8, 2025)

Scripts

CBPFindRule

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.0.44 - R3980324 (June 26, 2025)

Integrations

VMware Carbon Black App Control v2

Metadata and documentation improvements.

Scripts

CBPFindRule

Metadata and documentation improvements.

CBPFindComputer

Metadata and documentation improvements.

CBPCatalogFindHash

Metadata and documentation improvements.

Related pull requests:
- 38987

Download

1.0.43 - R1973041 (January 13, 2025)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Scripts

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.11.10.115186.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.11.10.115186.

CBPFindRule

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.0.42 - R1681986 (November 21, 2024)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	December 29, 2020
Last Release	August 20, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.