Splunk® Supported Add-ons

Splunk Add-on for Carbon Black

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF


Release notes for the Splunk Add-on for Carbon Black

Version 2.1.0 of the Splunk Add-on for Carbon Black was released on March 7, 2022 and is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.0
Platforms Platform independent
Vendor Products Carbon Black Response 4.2, Carbon Black Response 6.3.1, Carbon Black Response 7.4.0, Carbon Black EDR 7.6.1

New or changed features

  • Added support for the latest Carbon Black EDR version v7.6.1.
  • Provided compatibility with the latest CIM version v5.0.0.
  • Fixed the _time field extraction issue when data is collected over HEC. Previously _time indicated the ingestion time of the event, as of this version the actual timestamp value in the event is used.
  • Fixed extraction for file_path field to extract with a single slash instead of double slashes.
  • Corrected the user field extraction by removing incorrect values for some events.


Fixed issues

Version 2.1.0 of the Splunk Add-on for Carbon black fixes the following issues. If no issues appear below, no issues have yet been reported.


Known issues

Version 2.1.0 of the Splunk Add-on for Cisco ESA contains the following resolved issues.

If no issues appear below, no issues have yet been reported.


Known issues

Version 2.1.0 of the Splunk Add-on for Cisco ESA contains the following known issues.

If no issues appear below, no issues have yet been reported.


Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Carbon Black incorporates the following third-party software or libraries.

Last modified on 15 March, 2022
PREVIOUS
Source types for the Splunk Add-on for Carbon Black
  NEXT
Release history for the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters