Source types for the Splunk Add-on for Carbon Black
The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.
Data source | Sourcetype | Event type | CIM compliance
---|---|---|---
JSON file | bit9:carbonblack:json | bit9_carbonblack_alert | Alerts, Intrusion Detection
 | | bit9_carbonblack_change_analysis | 
 | | bit9_carbonblack_application_state | 
 | | bit9_carbonblack_network | 
 | | carbonblack_endpoint_processes | 
 | | carbonblack_endpoint_filesystem | 
 | | carbonblack_endpoint_registry | 
 | | edr_carbonblack_alert | Alerts
 | | edr_carbonblack_network | Network Traffic
 | | edr_carbonblack_endpoint_processes | Endpoint
 | | edr_carbonblack_endpoint_registry | Endpoint
 | | edr_carbonblack_endpoint_filesystem | Endpoint