Splunk® Supported Add-ons

Splunk Add-on for Carbon Black


Release history for the Splunk Add-on for Carbon Black

Latest version

The latest version of the Splunk Add-on for Carbon Black is version 2.0.0. See "Release notes for the Splunk Add-on for Carbon Black" for the release notes of this latest version.


Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Carbon Black is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM: 4.13
Platforms: Platform independent
Vendor Products: Carbon Black Response 4.2+, Carbon Black Response 6.3.1

New or changed features

  • Improved load balancing on the universal forwarder
  • Compatibility for Carbon Black Response Server 6.3.1
  • Compatibility for cb-event-forwarder 3.5.0
  • Compatibility for CIM 4.13
  • Updated inputs.conf.template to monitor directory instead of file
  • Starting in version 1.1.0, the values for vendor, product, and vendor_product have been updated as follows:

Field | Value in version 1.0.1 | Value in version 1.1.0
vendor | Bit9 | Carbon Black
product | Carbon Black | CB Response
vendor_product | Bit9 Carbon Black | Carbon Black CB Response

Fixed issues

Version 1.1.0 of the Splunk Add-on for Carbon Black fixes the following issues.


Date resolved | Issue number | Description
2019-05-20 | ADDON-21945 | Update/add regex to incorporate "ingress.event.childproc" as is_process
2019-05-20 | ADDON-21989 | Change fieldalias to eval to avoid overriding of process_id when pid is blank

Known issues

Version 1.1.0 of the Splunk Add-on for Carbon Black contains no known issues.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Carbon Black does not incorporate any third-party software or libraries.

Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM: 4.11
Platforms: Platform independent
Vendor Products: Carbon Black Server (CBS) 4.2 or later

Fixed issues

Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black fixes the following issues.

Date | Issue number | Description
2015-10-13 | ADDON-4350 | Alert data should be mapped to IDS data model.
2015-10-11 | ADDON-6008 | Failed field EVAL for 'dvc' and 'dest'

Known issues

Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black contains no known issues.

Third-party software attributions

Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black does not incorporate any third-party software or libraries.


Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black has the same compatibility specifications as version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black has the following new features.

Date | Issue number | Description
2015-06-11 | ADDON-1096 | Create Add-on to support Bit9 Carbon Black as a data source.

Known issues

Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black contains the following known issues.

Filed Date | Issue number | Description
2015-10-11 | ADDON-6008 | Failed field EVAL for 'dvc' and 'dest'
2015-06-25 | ADDON-4350 | Alert data should be mapped to IDS data model.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black does not incorporate any third-party software or libraries.

Last modified on 21 July, 2021

This documentation applies to the following versions of Splunk® Supported Add-ons: released

