Source types for the Splunk Add-on for Carbon Black¶
The Splunk Add-on for Carbon Black collects notifications and event data from Carbon Black Response servers in JSON format and provides the following source type and event types.
The following table shows the CIM compliance by event type for data from a JSON file (data source) and source type bit9:carbonblack:json
:
Event type | CIM compliance |
---|---|
bit9_carbonblack_alert |
Alerts, Intrusion Detection |
bit9_carbonblack_change_analysis |
n/a |
bit9_carbonblack_application_state |
n/a |
bit9_carbonblack_network |
n/a |
carbonblack_endpoint_processes |
n/a |
carbonblack_endpoint_filesystem |
n/a |
carbonblack_endpoint_registry |
n/a |
edr_carbonblack_alert |
Alerts |
edr_carbonblack_network |
Network Traffic |
edr_carbonblack_endpoint_processes |
Endpoint |
edr_carbonblack_endpoint_registry |
Endpoint |
edr_carbonblack_endpoint_filesystem |
Endpoint |