Release notes for the Splunk Add-on for Carbon Black
Version 2.1.0 of the Splunk Add-on for Carbon Black was released on March 7, 2022 and is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.0 |
| Platforms | Platform independent |
| Vendor Products | Carbon Black Response 4.2, Carbon Black Response 6.3.1, Carbon Black Response 7.4.0, Carbon Black EDR 7.6.1 |
New or changed features
- Added support for the latest Carbon Black EDR version v7.6.1.
- Provided compatibility with the latest CIM version v5.0.0.
- Fixed the
_timefield extraction issue when data is collected over HEC. Previously_timeindicated the ingestion time of the event, as of this version the actual timestamp value in the event is used.
- Fixed extraction for
file_pathfield to extract with a single slash instead of double slashes. - Corrected the
userfield extraction by removing incorrect values for some events.
Fixed issues
Version 2.1.0 of the Splunk Add-on for Carbon black fixes the following issues. If no issues appear below, no issues have yet been reported.
Known issues
Version 2.1.0 of the Splunk Add-on for Cisco ESA contains the following resolved issues.
If no issues appear below, no issues have yet been reported.
Known issues
Version 2.1.0 of the Splunk Add-on for Cisco ESA contains the following known issues.
If no issues appear below, no issues have yet been reported.
Third-party software attributions
Version 2.1.0 of the Splunk Add-on for Carbon Black incorporates the following third-party software or libraries.
| Source types for the Splunk Add-on for Carbon Black | Release history for the Splunk Add-on for Carbon Black |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!