
Source types for the Splunk Add-on for Carbon Black
The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.
Data source | Source type | Event type | CIM compliance |
---|---|---|---|
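JSON file | bit9:carbonblack:json | bit9_carbonblack_alert | Alerts, Intrusion Detection |
JSON file | bit9:carbonblack:json | bit9_carbonblack_change_analysis | Change Analysis |
JSON file | bit9:carbonblack:json | bit9_carbonblack_application_state | Application State |
JSON file | bit9:carbonblack:json | bit9_carbonblack_network | Network Traffic |
JSON file | bit9:carbonblack:json | carbonblack_endpoint_processes | Endpoint |
JSON file | bit9:carbonblack:json | carbonblack_endpoint_filesystem | Endpoint |
JSON file | bit9:carbonblack:json | carbonblack_endpoint_registry | Endpoint |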
This documentation applies to the following versions of Splunk® Supported Add-ons: released