Skip to main content
All CollectionsTemplatesBasic
Check for New Carbon Black Alerts and Notify - Workflow Template
Check for New Carbon Black Alerts and Notify - Workflow Template

This workflow periodically checks for new Carbon Black alerts and notifies end user of the alert and asks for verification of the activity

Updated over 6 months ago

This workflow template automates Carbon Black alert notifications by scheduling checks for new alerts, and using Slack for user verification. It triggers on a set interval, creates time stamps to define the search period, queries Carbon Black for alerts filtered by policy, groups results, and notifies users via Slack. The aim is to swiftly detect potentially unauthorized endpoint activities, prompt for immediate user verification, and execute swift incident response procedures if needed.

Take Me to the Template

Trigger

Scheduled Event

Optional Triggers

Webhook,Slack

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Schedule an execution trigger

  2. Create timestamps for the current time interval

  3. Query the Carbon Black alerts filtered by policy

  4. Loop over results and trigger the nested workflow to alert users via Slack

Vendors

Slack, Utils, Carbon Black

Workflow Output

Alerts via Slack to user for found alerts

Related Articles
Compliance - Find unmanaged devices in Intune and Carbon Black - Workflow Template
Open or Update a Jira Issue on an Uptycs Alert - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Validate Gem Alert Events in Slack - Workflow Template
Fetch Cyberint Alerts on a Schedule - Workflow Template
Did this answer your question?