Splunk® Supported Add-ons

Splunk Add-on for Carbon Black

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Carbon Black

The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.

Data source Source type Event type CIM compliance
JSON file bit9:carbonblack:json bit9_carbonblack_alert Alerts,
Intrusion Detection
bit9_carbonblack_change_analysis Change Analysis
bit9_carbonblack_application_state Application State
bit9_carbonblack_network Network Traffic
carbonblack_endpoint_processes Endpoint
carbonblack_endpoint_filesystem Endpoint
carbonblack_endpoint_registry Endpoint
Last modified on 05 April, 2021
PREVIOUS
Lookups for the Splunk Add-on for Carbon Black
  NEXT
Release notes for the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters