|Vendor Products||CB ThreatHunter on the CarbonBlack PSC|
|Has index-time operations||true, the Modular Input configurations must be in place.|
|Creates an index||false|
|Implements summarization||Currently, the app does not generate summaries|
About CB ThreatHunter For Splunk
CB ThreatHunter For Splunk allows a Splunk Administrator to connect to and pull notifications from the CarbonBlack Predictive Security Cloud, with a focus on ThreatHunter information.
This App provides the following scripts:
Version 1.0.0 of CB ThreatHunter For Splunk is compatible with:
|Splunk Enterprise versions||7.1, 7.2|
Version 1.0.0 of CB ThreatHunter For Splunk has the following known issues:
Access questions and answers specific to CB ThreatHunter For Splunk at https://answers.splunk.com . Be sure to tag your question with the App.
Because this App runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download CB ThreatHunter For Splunk at https://splunkbase.splunk.com.
NOTE: Where referenced, the IA-cb_psc_for_splunk and TA-cb_psc_for_splunk versions of this App are located on Splunkbase.
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Application Configurationpage. This will determine if the data is visible in the App.
NOTE: You will need to configure a new modular input for each tenant
Create New CB ThreatHunter Input.
NOTE: When configuring the modular input through the Application Configuration dashboard, the password is automatically encrypted into the credential store. If you need to change the credential, create a new credential, and reference the realm/connector id pair in the modular input configuration. An encrypted credential is required for this Splunk App.
By default all events will be written to the main index. You should change the index in the modular input setup to specify a custom location.
This App Supports proxy configuration. Configure the proxy first in the
Application Configuration dashboard on the Proxy Tab, and then choose it during the modular input configuration.
$SPLUNK_HOME/bin/splunk diag --collect app:cb_psc_for_splunk
CB ThreatHunter For Splunk contains no lookup files.
CB ThreatHunter For Splunk does make use of an event generator. This allows the product to display data, when there are no inputs configured. To enable them, visit the
Application Configuration page, Eventgen Configuration tab.
Version 1.0.0 of CB ThreatHunter For Splunk incorporates the following Third-party software or third-party services .
This is the initial release for Carbon Black ThreatHunter integration. Please see details for full notes and documentation.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.