topic What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? in Splunk Enterprise Security https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306537#M2766 <P>We currently use Splunk Enterprise Security (ES). </P> <P>When ingesting Carbon Black Protection (bit9) logs which Splunkbase app is best to use? What have been people's experiences?</P> <P>Should I go for the Cb Protection App for Splunk built by Carbon Black? Or should I go for the Splunk Add-on for Bit9 Carbon Black built by Splunk? </P> <P>I just need the data parsed and tagged correctly to the CIM data models. </P> <P>*As clarification Parity aka Bit9 aka Carbon Black Protection are the same product.</P> Thu, 30 Mar 2017 18:17:36 GMT wliu_ondeck 2017-03-30T18:17:36Z What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306537#M2766 <P>We currently use Splunk Enterprise Security (ES). </P> <P>When ingesting Carbon Black Protection (bit9) logs which Splunkbase app is best to use? What have been people's experiences?</P> <P>Should I go for the Cb Protection App for Splunk built by Carbon Black? Or should I go for the Splunk Add-on for Bit9 Carbon Black built by Splunk? </P> <P>I just need the data parsed and tagged correctly to the CIM data models. </P> <P>*As clarification Parity aka Bit9 aka Carbon Black Protection are the same product.</P> Thu, 30 Mar 2017 18:17:36 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306537#M2766 wliu_ondeck 2017-03-30T18:17:36Z Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306538#M2767 <P>Use <A href="https://splunkbase.splunk.com/app/2790/">https://splunkbase.splunk.com/app/2790/</A>, as it is CIM compatible.</P> Thu, 30 Mar 2017 19:29:00 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306538#M2767 rpille_splunk 2017-03-30T19:29:00Z Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306539#M2768 <P>Note that <A href="https://splunkbase.splunk.com/app/2790/">https://splunkbase.splunk.com/app/2790/</A> is the TA for Cb Response, <EM>not</EM> Cb Protection. If you're integrating with Cb Protection, you want the <A href="https://splunkbase.splunk.com/app/1790">Cb Protection App for Splunk</A>. Sorry about the confusion.</P> Thu, 30 Mar 2017 19:38:58 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306539#M2768 carbonblack 2017-03-30T19:38:58Z Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306540#M2769 <P>Link not working <A href="https://splunkbase.splunk.com/app/2790">https://splunkbase.splunk.com/app/2790</A></P> Thu, 27 Apr 2017 15:49:48 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306540#M2769 robjackson 2017-04-27T15:49:48Z Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306541#M2770 <P>Your clicking on the link which inserts an extra , comma at the end. Take out the comma at the end and it will work. </P> Thu, 27 Apr 2017 15:56:49 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306541#M2770 wliu_ondeck 2017-04-27T15:56:49Z Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306542#M2771 <P>As per Carbon black, TA is applicable for CB response product and not for the protection. We have a CB protection V7.2 so what is the TA we suppose to use get those logs CIM complaint. Thanks!!</P> Thu, 07 Dec 2017 19:48:39 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/What-is-the-best-Splunkbase-app-for-Carbon-Black-Protection-bit9/m-p/306542#M2771 ravichandren 2017-12-07T19:48:39Z