If carbon black is listening, are you guys planning on adding more fields from the CB Defense console into the splunk data you're collecting? Right now the threatInfo.indicators{}.applicationName field is great but I'd love to have that broken down to parent and target app.
As an example, I get an alert for "known malware" in carbon black and I can see the parent app is iexplore.exe but I'd love to see the target app of malware.exe when I'm tabling data for better alerting in Splunk.
Thanks!