About the Splunk Add-on for Carbon Black
| Vendor Product(s) | Carbon Black Response 4.2+, Carbon Black Response 6.3.1, Carbon Black EDR 7.4.0 |
As of version 1.1.0, the Splunk Add-on for Bit9 Carbon Black is called the Splunk Add-on for Carbon Black.
The Splunk Add-on for Carbon Black allows a Splunk platform administrator to collect notifications and event data in JSON format from Carbon Black Response servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Download the Splunk Add-on for Carbon Black from Splunkbase at http://splunkbase.splunk.com/app/2790.
Discuss the Splunk Add-on for Carbon Black on Splunk Answers at http://answers.splunk.com/answers/app/2790.
This documentation applies to the following versions of Splunk® Supported Add-ons: released