What is the best Splunkbase app for Carbon Black P...

wliu_ondeck · ‎03-30-2017

We currently use Splunk Enterprise Security (ES).

When ingesting Carbon Black Protection (bit9) logs which Splunkbase app is best to use? What have been people's experiences?

Should I go for the Cb Protection App for Splunk built by Carbon Black? Or should I go for the Splunk Add-on for Bit9 Carbon Black built by Splunk?

I just need the data parsed and tagged correctly to the CIM data models.

*As clarification Parity aka Bit9 aka Carbon Black Protection are the same product.

carbonblack · ‎03-30-2017

Note that https://splunkbase.splunk.com/app/2790/ is the TA for Cb Response, not Cb Protection. If you're integrating with Cb Protection, you want the Cb Protection App for Splunk. Sorry about the confusion.

rpille_splunk · ‎03-30-2017

Use https://splunkbase.splunk.com/app/2790/, as it is CIM compatible.

robjackson · ‎04-27-2017

Link not working https://splunkbase.splunk.com/app/2790

ravichandren · ‎12-07-2017

As per Carbon black, TA is applicable for CB response product and not for the protection. We have a CB protection V7.2 so what is the TA we suppose to use get those logs CIM complaint. Thanks!!

wliu_ondeck · ‎04-27-2017

Your clicking on the link which inserts an extra , comma at the end. Take out the comma at the end and it will work.

What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life