Splunk® Supported Add-ons

Splunk Add-on for Carbon Black


About the Splunk Add-on for Carbon Black

Version: 2.0.0
Vendor Product(s): Carbon Black Response 4.2+, Carbon Black Response 6.3.1, Carbon Black EDR 7.4.0

As of version 1.1.0, the Splunk Add-on for Bit9 Carbon Black is now called the Splunk Add-on for Carbon Black.

The Splunk Add-on for Carbon Black allows a Splunk platform administrator to collect notifications and event data in JSON format from Carbon Black Response servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.


Download the Splunk Add-on for Carbon Black from Splunkbase at http://splunkbase.splunk.com/app/2790.

Discuss the Splunk Add-on for Carbon Black on Splunk Answers at http://answers.splunk.com/answers/app/2790.

Last modified on 21 July, 2021

This documentation applies to the following versions of Splunk® Supported Add-ons: released

