About the Splunk Add-on for Carbon Black
Component | Description |
---|---|
Version | 2.1.0 |
Vendor Product(s) | Carbon Black Response 4.2+, Carbon Black Response 6.3.1, Carbon Black EDR 7.4.0, Carbon Black EDR 7.6.1 |
Note
As of version 1.1.0, the Splunk Add-on for Bit9 Carbon Black is now called the Splunk Add-on for Carbon Black.
Use the Splunk Add-on for Carbon Black to collect notifications and event data in JSON format from Carbon Black Response servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events.
Release notes and release history
For a summary of new features, fixed issues, and known issues, and for more information on release history, see Release notes for the Splunk Add-on for Carbon Black.
Compatibility
This add-on provides the inputs and Common Information Model (CIM)-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
For detailed information about compatibility with other software, CIM versions, and platforms, see the Release notes for the Splunk Add-on for Carbon Black.
Source types and lookups
For more information about the source types for the Splunk Add-on for Carbon Black, see Source types.
Download the add-on
You can download the Splunk Add-on for Carbon Black from Splunkbase.
Install and configure the add-on
To install and configure the Splunk Add-on for Carbon Black, see Installation and configuration overview.
Hardware and software requirements
For more information, see Hardware and software requirements.
Additional resources
For more information, see Questions related to Splunk Add-on for Carbon Black on Splunk Answers.
See Troubleshooting guidelines specific to this add-on.