Release notes and release history for the Splunk Add-on for Carbon Black
The release notes cover compatibility for software, Common Information Model (CIM) versions, and platforms.
Release notes 2.1.0 (latest)
Version 2.1.0 of the Splunk Add-on for Carbon Black was released on March 7, 2022.
Compatibility
Version 2.1.0 of the Splunk Add-on for Carbon Black is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1.x, 8.2.x |
---|---|
CIM | 5.0.0 |
Platforms | Platform independent |
Vendor products | Carbon Black Response 4.2, Carbon Black Response 6.3.1, Carbon Black Response 7.4.0, Carbon Black EDR 7.6.1 |
New features
- Added support for the latest Carbon Black EDR version v7.6.1.
- Provided compatibility with the latest CIM version v5.0.0.
- Fixed the _time field extraction issue when data is collected over HEC. Previously, _time indicated the ingestion time of the event. As of this version, the actual timestamp value in the event is used.
- Fixed extraction for the file_path field to extract with a single slash instead of double slashes.
- Corrected the user field extraction by removing incorrect values for some events.
Fixed issues
Version 2.1.0 of the Splunk Add-on for Carbon Black fixes the following issues. If no issues appear, then there are no bug fixes reported.
Known issues
Version 2.1.0 of the Splunk Add-on for Carbon Black contains the following known issues. If no issues appear, no issues have yet been reported.
Third-party software attributions
Version 2.1.0 of the Splunk Add-on for Carbon Black incorporates the following third-party software or libraries.
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for Carbon Black was released on May 8, 2021.
Compatibility
Version 2.0.0 is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 7.3.x, 8.0.x, 8.1.x |
---|---|
CIM | 4.18.1 |
Platforms | Platform independent |
Vendor Products | Carbon Black Response 4.2, Carbon Black Response 6.3.1, Carbon Black Response 7.4.0 |
New features
- Compatibility for Carbon Black Response Server 7.4.0
- Compatibility for cb-event-forwarder 3.7.4
- Compatibility for CIM 4.18.1
- The CIM fields process, process_exec, and process_name have the same value if the event contains only process_path.
- Extraction for CIM field registry_path has been fixed in the latest release 2.0.0.
- Extraction for CIM field process_pid has been fixed in the latest release 2.0.0.
- A new CIM field mapping, process_hash, has been added in this release, along with a non-CIM field, parent_process_hash, that captures the MD5 hash of the parent process.
- Starting with version 2.0.0, the tagging has been modified and updated as per the following table:
Event type | Data model |
---|---|
bit9_carbonblack_alert | |
bit9_carbonblack_change_analysis | |
bit9_carbonblack_application_state | |
bit9_carbonblack_network | |
carbonblack_endpoint_processes | |
carbonblack_endpoint_processes | |
carbonblack_endpoint_filesystem | |
carbonblack_endpoint_registry | |
edr_carbonblack_alert | Alert |
edr_carbonblack_network | Network Traffic |
edr_carbonblack_endpoint_processes | Endpoint Processes |
edr_carbonblack_endpoint_registry | Endpoint Registry |
edr_carbonblack_endpoint_filesystem | Endpoint Filesystem |
- As of version 2.0.0, the values for product and vendor_product are as follows:
Field | Value in version 1.1.0 | Value in version 2.0.0 |
---|---|---|
product | CB Response | EDR |
vendor_product | Carbon Black CB Response | Carbon Black EDR |
Fixed issues
Version 2.0.0 of the Splunk Add-on for Carbon Black fixes the following issues. If no issues appear, then there are no bug fixes reported.
Known issues
Version 2.0.0 of the Splunk Add-on for Carbon Black contains the following known issues. If no issues appear, no issues have yet been reported.
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for Carbon Black does not incorporate any third-party software or libraries.
Version 1.1.0
Compatibility
Version 1.1.0 of the Splunk Add-on for Carbon Black is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
---|---|
CIM | 4.13 |
Platforms | Platform independent |
Vendor Products | Carbon Black Response 4.2+, Carbon Black Response 6.3.1 |
New features
- Improved load balancing on the universal forwarder
- Compatibility for Carbon Black Response Server 6.3.1
- Compatibility for cb-event-forwarder 3.5.0
- Compatibility for CIM 4.13
- Updated inputs.conf.template to monitor a directory instead of a file
- Starting in version 1.1.0, the values for vendor, product, and vendor_product have been updated as follows:
Field | Value in version 1.0.1 | Value in version 1.1.0 |
---|---|---|
vendor | Bit9 | Carbon Black |
product | Carbon Black | CB Response |
vendor_product | Bit9 Carbon Black | Carbon Black CB Response |
Fixed issues
Version 1.1.0 of the Splunk Add-on for Carbon Black fixes the following issues. If no issues appear, then there are no bug fixes reported.
Known issues
Version 1.1.0 of the Splunk Add-on for Carbon Black contains the following known issues. If no issues appear, no issues have yet been reported.
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Carbon Black does not incorporate any third-party software or libraries.
Version 1.0.1
Compatibility
Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x |
---|---|
CIM | 4.11 |
Platforms | Platform independent |
Vendor Products | Carbon Black Server (CBS) 4.2 or later |
Fixed issues
Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black fixes the following issues. If no issues appear, then there are no bug fixes reported.
Known issues
Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black contains the following known issues. If no issues appear, no issues have yet been reported.
Third-party software attributions
Version 1.0.1 of the Splunk Add-on for Bit9 Carbon Black does not incorporate any third-party software or libraries.
Version 1.0.0
Compatibility
Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black has the same compatibility specifications as version 1.0.1.
New features
Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black has the following new features.
Known issues
Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black contains the following known issues. If no issues appear, no issues have yet been reported.
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Bit9 Carbon Black does not incorporate any third-party software or libraries.