CarbonBlack Playbook

This Playbook template will allow you to deploy a Yara rule to Carbon Black’s Yara Manager. The Playbook uses a User Action Trigger which presents a button on the Details page of Signature groups that, when pressed, will gather the contents of the Signature and SCP them over via SSH to the host running the Yara Manager. SSH is required because there is currently no API endpoint for uploading Yara rules.

This app can be found in the ThreatConnect App Catalog under the name: Deploy Yara Rule to CarbonBlack