Carbon Black Enterprise Protection

Details
Content
Dependencies
Version History

Carbon Black Enterprise Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.

Playbooks

Name	Description
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Automations

Name	Description
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPFindComputer	Find a computer in CBEP/Bit9.

Playbooks

Name	Description
Carbon black Protection Rapid IOC Hunting	Hunt for endpoint activity involving hash and domain IOCs, using Carbon black Protection (Bit9).
Search Endpoints By Hash - Carbon Black Protection	Hunt for endpoint activity involving hash IOCs, using Carbon Black Protection.

Integrations

Name	Description
VMware Carbon Black App Control v2	VMware Carbon Black App Control (formerly known as Carbon Black Enterprise Protection) is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform. This integration only supports Carbon Black on-premise APIs.

Automations

Name	Description
CBPCatalogFindHash	Search the CBP/Bit9 file catalog for an md5 hash.
CBPFindRule	Find the rule state for a hash value in CBEP/Bit9.
CBPFindComputer	Find a computer in CBEP/Bit9.

Required Content Packs (2)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR

1.0.34 - R5170573 (May 2, 2023)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25970

Download

1.0.33 - 4960979 (April 3, 2023)

Integrations

VMware Carbon Black App Control v2

Added the fields parameter to the cbp-computer-search command to allow limiting of fields returned by the API introduced in version 8.1 of Carbon Black App Control.
Updated the Docker image to: demisto/python3:3.10.10.51930.

Related pull requests:
- 25638
- 25712

Download

1.0.32 - 4885523 (March 23, 2023)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25474

Download

1.0.31 - 4818573 (March 15, 2023)

Scripts

CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.10.10.48392.

CBPFindComputer

Updated the Docker image to: demisto/python3:3.10.10.48392.

CBPFindRule

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25256

Download

1.0.30 - R4718798 (March 1, 2023)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24908

Download

1.0.29 - R4646022 (February 19, 2023)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.8.37233.

Related pull requests:
- 22175

Download

1.0.28 - 3635034 (September 10, 2022)

Scripts

New: CBPCatalogFindHash

Updated the Docker image to: demisto/python3:3.10.6.33415.

CBPBanHash

Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

New: CBPFindRule

Updated the Docker image to: demisto/python3:3.10.6.33415.

CBPApproveHash

Deprecated. Use the cbp-fileRule-createOrUpdate command instead.

New: CBPFindComputer

Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 21061

Download

1.0.27 - 3520117 (August 23, 2022)

Integrations

VMware Carbon Black App Control v2

Fixed an issue where the update_computer command did not update the localApproval argument.

Related pull requests:
- 20734

Download

1.0.26 - 3254147 (July 13, 2022)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20022

Download

1.0.25 - 3178125 (June 29, 2022)

Scripts

CBPApproveHash

Fixed an issue where the script used cbp-fileRule-update which is deprecated, the script is now using cbp-fileRule-createOrUpdate instead.

CBPBanHash

Fixed an issue where the script used cbp-fileRule-update which is deprecated, the script is now using cbp-fileRule-createOrUpdate instead.

Related pull requests:
- 19312

Download

1.0.24 - 3080614 (June 13, 2022)

Integrations

VMware Carbon Black App Control v2

Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19515

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	December 29, 2020
Last Release	May 2, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.