This workflow template automates Carbon Black alert notifications by scheduling checks for new alerts and using Slack to ask the affected user to verify the activity. It runs on a set interval, creates timestamps that bound the search period, queries Carbon Black for alerts filtered by policy, groups the results, and notifies the users via Slack. The aim is to detect potentially unauthorized endpoint activity quickly, prompt the user for immediate verification, and start incident response procedures promptly if needed.
Trigger: Scheduled Event
Optional Triggers: Webhook, Slack
Use Cases: Endpoint Detection and Response (EDR)
Workflow Breakdown:
1. Schedule an execution trigger
2. Create timestamps for the current time interval
3. Query the Carbon Black alerts filtered by policy
4. Loop over results and trigger the nested workflow to alert users via Slack
Vendors: Slack, Utils, Carbon Black
Workflow Output: Alerts via Slack to users for found alerts
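The following script is an added illustration of the four breakdown steps above (timestamp window, policy-filtered query, grouping, per-user Slack message); it is not the template's own code. Everything not on the page is assumed and marked as such in the code: the alert record fields, the shape of the Carbon Black search body, the Slack message layout, the username-to-Slack-ID directory and the fallback channel. The sample alerts are constructed so the sweep runs offline; they also cover two edge cases the template has to handle, an alert outside the interval and a user with no Slack mapping.

```python
"""Scheduled Carbon Black alert sweep with Slack user verification.

Added example, not the template's own code. Assumed (not from the page):
alert record fields, the Carbon Black search body, the Slack payload
layout, SLACK_DIRECTORY and ESCALATION_CHANNEL.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

INTERVAL_MINUTES = 15                # how often the scheduled trigger fires
ESCALATION_CHANNEL = "#soc-triage"   # assumed fallback when the user has no Slack ID
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


# Step 2: bound the interval as [now - interval, now) so that back-to-back
# runs neither overlap nor leave a gap between them.
def window_for(now, interval_minutes=INTERVAL_MINUTES):
    end = now.astimezone(timezone.utc).replace(microsecond=0)
    start = end - timedelta(minutes=interval_minutes)
    return start.strftime(TIME_FMT), end.strftime(TIME_FMT)


# Step 3: the search body posted to Carbon Black. Field names are an
# assumption modelled on a generic time-range plus criteria search; check
# them against the alert search endpoint your org actually uses.
def build_alert_query(start, end, policy_names):
    return {
        "time_range": {"start": start, "end": end},
        "criteria": {"policy_name": sorted(policy_names)},
        "rows": 500,
    }


# Constructed sample alerts standing in for the API response. Times use
# TIME_FMT (UTC, fixed width) so they compare correctly as strings.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    {"id": "a-1", "user": "alice", "device": "alice-laptop", "policy_name": "Standard",
     "create_time": "2024-05-01T11:50:12Z", "reason": "Unsigned binary launched from a temp directory"},
    {"id": "a-2", "user": "alice", "device": "alice-laptop", "policy_name": "Standard",
     "create_time": "2024-05-01T11:58:40Z", "reason": "Credential access tool signature matched"},
    {"id": "a-3", "user": "bob", "device": "bob-desktop", "policy_name": "Standard",
     "create_time": "2024-05-01T11:30:00Z", "reason": "Script interpreter spawned by Office app"},  # before window
    {"id": "a-4", "user": "carol", "device": "carol-laptop", "policy_name": "Monitoring Only",
     "create_time": "2024-05-01T11:52:00Z", "reason": "New USB storage device"},  # policy not in scope
    {"id": "a-5", "user": "dave", "device": "dave-laptop", "policy_name": "Standard",
     "create_time": "2024-05-01T11:55:05Z", "reason": "Remote admin tool installed"},  # no Slack mapping
]
SLACK_DIRECTORY = {"alice": "U01ALICE", "bob": "U02BOB", "carol": "U03CAROL"}  # constructed


def in_window(alerts, start, end):
    return [a for a in alerts if start <= a["create_time"] < end]


def filter_by_policy(alerts, policy_names):
    wanted = set(policy_names)
    return [a for a in alerts if a["policy_name"] in wanted]


# Step 4: group so each user receives one message listing all alerts.
def group_by_user(alerts):
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a["user"]].append(a)
    return dict(grouped)


def build_slack_message(user, alerts):
    """Return the routed message: a Slack DM if the user is known, else the SOC channel."""
    channel = SLACK_DIRECTORY.get(user, ESCALATION_CHANNEL)
    escalated = channel == ESCALATION_CHANNEL
    lines = [f"- {a['device']} at {a['create_time']}: {a['reason']} (alert {a['id']})"
             for a in sorted(alerts, key=lambda a: a["create_time"])]
    header = (f"Carbon Black raised {len(alerts)} alert(s) for {user}; no Slack user found, please triage."
              if escalated else
              f"Carbon Black raised {len(alerts)} alert(s) on your device(s). Was this you?")
    payload = {
        "channel": channel,
        "text": header + "\n" + "\n".join(lines),   # plain-text fallback
        "blocks": [
            {"type": "section", "text": {"type": "mrkdwn", "text": header + "\n" + "\n".join(lines)}},
            {"type": "actions", "elements": [
                {"type": "button", "action_id": "verify_yes", "value": "confirm",
                 "text": {"type": "plain_text", "text": "Yes, that was me"}},
                {"type": "button", "action_id": "verify_no", "value": "deny", "style": "danger",
                 "text": {"type": "plain_text", "text": "No, investigate"}},
            ]},
        ],
    }
    return {"channel": channel, "escalated": escalated,
            "alert_ids": [a["id"] for a in alerts], "payload": payload}


def run_sweep(now=SAMPLE_NOW, alerts=SAMPLE_ALERTS, policy_names=("Standard",)):
    """One scheduled run: window, policy filter, group, build one message per user."""
    start, end = window_for(now)
    candidates = filter_by_policy(in_window(alerts, start, end), policy_names)
    return {u: build_slack_message(u, al) for u, al in group_by_user(candidates).items()}


if __name__ == "__main__":
    import json
    print(json.dumps(run_sweep(), indent=2))
```

With the sample data only alice and dave are messaged: bob's alert predates the window and carol's policy is out of scope. Alice gets a single DM covering both of her alerts; dave, who has no Slack mapping, is routed to the SOC channel instead of being silently dropped, which is the failure mode to watch for when the user directory and the EDR console disagree on usernames.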