Splunk® Supported Add-ons

Splunk Add-on for Carbon Black

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Carbon Black

The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.

Data source Source type Event type CIM compliance
JSON file bit9:carbonblack:json bit9_carbonblack_alert Alerts,
Intrusion Detection
edr_carbonblack_alert Alerts
edr_carbonblack_network Netwok Traffic
edr_carbonblack_endpoint_processes Endpoint
edr_carbonblack_endpoint_registry Endpoint
edr_carbonblack_endpoint_filesystem Endpoint
Last modified on 15 March, 2022
Lookups for the Splunk Add-on for Carbon Black
Release notes for the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters