Skip to content

Source types for the Splunk Add-on for Carbon Black

The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.

The following table shows the CIM compliance by event type for data from a JSON file (data source) and source type bit9:carbonblack:json:

Event type CIM compliance
bit9_carbonblack_alert Alerts, Intrusion Detection
bit9_carbonblack_change_analysis n/a
bit9_carbonblack_application_state n/a
bit9_carbonblack_network n/a
carbonblack_endpoint_processes n/a
carbonblack_endpoint_filesystem n/a
carbonblack_endpoint_registry n/a
edr_carbonblack_alert Alerts
edr_carbonblack_network Network Traffic
edr_carbonblack_endpoint_processes Endpoint
edr_carbonblack_endpoint_registry Endpoint
edr_carbonblack_endpoint_filesystem Endpoint