The Splunk Add-on for Carbon Black (formerly Splunk Add-on for Bit9 Carbon Black) allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance. Note: In order to get the Carbon Black Server data into JSON format, you need to download and run a script from Carbon Black.