Latest Version 3.0.0
August 27, 2025
The Splunk Add-on for Carbon Black (formerly Splunk Add-on for Bit9 Carbon Black) allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.