Splunk® Supported Add-ons

Splunk Add-on for Carbon Black

Download manual as PDF

Download topic as PDF

About the Splunk Add-on for Carbon Black

Version 1.1.0
Vendor Product(s) Carbon Black Response 4.2+, Carbon Black Response 6.3.1

The Splunk Add-on for Carbon Black allows a Splunk platform administrator to collect notifications and event data in JSON format from Carbon Black Response servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

This add-on consumes Carbon Black event data from a JSON file. In order to get the Carbon Black event data into JSON format, you must download and run a utility from Carbon Black.

Starting in version 1.1.0, the Splunk Add-on for Bit9 Carbon Black has been renamed to the Splunk Add-on for Carbon Black.

Download the Splunk Add-on for Carbon Black from Splunkbase at http://splunkbase.splunk.com/app/2790.

Discuss the Splunk Add-on for Carbon Black on Splunk Answers at http://answers.splunk.com/answers/app/2790.

Source types for the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters