Splunk® Supported Add-ons

Splunk Add-on for Carbon Black

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Carbon Black

The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.

Data source Source type Event type CIM compliance
JSON file bit9:carbonblack:json bit9_carbonblack_alert Alerts,
Intrusion Detection
bit9_carbonblack_change_analysis
bit9_carbonblack_application_state
bit9_carbonblack_network
carbonblack_endpoint_processes
carbonblack_endpoint_filesystem
carbonblack_endpoint_registry
edr_carbonblack_alert Alerts
edr_carbonblack_network Netwok Traffic
edr_carbonblack_endpoint_processes Endpoint
edr_carbonblack_endpoint_registry Endpoint
edr_carbonblack_endpoint_filesystem Endpoint
Last modified on 21 July, 2021
PREVIOUS
Lookups for the Splunk Add-on for Carbon Black
  NEXT
Release notes for the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters