The Splunk Add-on for Bit9 Carbon Black lets a Splunk® Enterprise administrator collect notifications and endpoint event data in JSON format from Bit9 Carbon Black servers over a pub/sub message bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. After Splunk Enterprise indexes the events, you can view the data in the prebuilt dashboard panels included with the add-on. The add-on also provides the inputs and CIM-compatible knowledge objects needed by other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

Note: To get the Bit9 Carbon Black server data into JSON format, you must download and run a script provided by Bit9.