
Splunk Add-on for Carbon Black

The Splunk Add-on for Carbon Black (formerly Splunk Add-on for Bit9 Carbon Black) allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

Built by Splunk LLC

Latest Version 3.0.0
August 27, 2025
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2
CIM Version: 6.x
Rating

0

(0)

Support
Splunk Supported addon
Note: In order to get the Carbon Black Server data into JSON format, you need to download and run a script from Carbon Black.

Categories

Created By

Splunk LLC

Type

addon

Downloads

14,007

Resources
