Latest Version 1.0.0
July 10, 2015
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Splunk Add-on for Bit9 Carbon Black
The Splunk Add-on for Bit9 Carbon Black allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Bit9 Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. After Splunk Enterprise indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.
Built by
Compatibility
Not Available
Platform Version: 6.3, 6.2
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Splunk Supported addon
The Splunk Add-on for Bit9 Carbon Black allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Bit9 Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. After Splunk Enterprise indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.
Note: In order to get the Bit9 Carbon Black Server data into JSON format, you need to download and run a script from Bit9.
Categories
Created By
Splunk Inc.
Type
addon
Downloads
163
Licensing
Splunk Answers
Resources
Log in to report this app listing