Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About carbonblack
carbonblack
Path Finder
Member since:
12-21-2016
06-05-2020
Community Statistics
| Posts | 11 |
| Solutions | 2 |
| Karma Given | 1 |
| Karma Received | 3 |
| Member Since | 12-21-2016 |
Activity Feed
- Karma Re: anyone got the CB ThreatHunter app working? for aplura_llc_supp. 06-05-2020 12:50 AM
- Got Karma for Re: Why is the Setup Action missing after installing Cb Response App for Splunk version 2.0.4?. 06-05-2020 12:48 AM
- Got Karma for Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration?. 06-05-2020 12:48 AM
- Got Karma for Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration?. 06-05-2020 12:48 AM
- Posted Re: How can I disable certificate validation for API calls? on All Apps and Add-ons. 09-20-2019 08:43 AM
- Posted TAB-2762 Add on Builder on All Apps and Add-ons. 01-22-2019 01:24 PM
- Tagged TAB-2762 Add on Builder on All Apps and Add-ons. 01-22-2019 01:24 PM
- Posted Re: Set-up Page in Carbon Black Defense App just spins - what is wrong? on All Apps and Add-ons. 10-26-2018 10:56 AM
- Posted Re: Carbon Black TA and Cb Response App: Parsed field names don't match app dashboards? on All Apps and Add-ons. 08-23-2018 08:53 AM
- Posted Re: Limiting data from Carbon Black Response - looking for ideas on All Apps and Add-ons. 01-23-2018 11:09 AM
- Posted Re: Limiting data from Carbon Black Response - looking for ideas on All Apps and Add-ons. 01-22-2018 09:17 AM
- Posted Re: Limiting data from Carbon Black Response - looking for ideas on All Apps and Add-ons. 01-19-2018 06:49 AM
- Posted Re: Cb Response App for Splunk: Error "Unknown error reading API Key" on All Apps and Add-ons. 12-27-2017 12:01 PM
- Posted Re: What is the best Splunkbase app for Carbon Black Protection (bit9) and Splunk Enterprise Security integration? on Splunk Enterprise Security. 03-30-2017 12:38 PM
- Posted Re: Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_hash? on Splunk Enterprise Security. 03-20-2017 06:43 AM
- Posted Re: Why is the Setup Action missing after installing Cb Response App for Splunk version 2.0.4? on All Apps and Add-ons. 12-21-2016 10:03 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
09-20-2019
08:43 AM
To disable SSL validation for on-premise installs of Splunk and Cb Response, create a file named /opt/splunk/etc/apps/DA-ESS-CbResponse/local/DA-ESS-CbResponse_Settings.conf with the following contents:
[ssl_info]
ssl_verify = false
More details are available on the Cb Response App for Splunk page on Splunkbase (https://splunkbase.splunk.com/app/3336/#/details)
... View more
01-22-2019
01:24 PM
https://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/Knownissues
Asking about TAB-2762 - How would one troubleshoot this or possible work around it? How can I tell which TA is offending?
V/r
... View more
- Tags:
- splunk-enterprise
10-26-2018
10:56 AM
Hi,
This is the Carbon Black Developer Relations team. I wanted to post an update here. This app was created with the Splunk Add on builder, so there isn't much we can try. We are in the process of communicating with our Splunk contacts and investigating this issue.
We are going to try recreating the App with the Add on builder and see if that fixes the issues.
Can we get some input on what versions of Splunk are being used?
... View more
08-23-2018
08:53 AM
Hi @TonyLeeVT, the fields you're referencing are from Cb Protection (the former Bit9 product), but you're using the Cb Response App for Splunk.
You want the Cb Protection App for Splunk which is available here: https://splunkbase.splunk.com/app/1790/
Hope this helps!
... View more
01-23-2018
11:09 AM
Unfortunately, there isn't a more fine grained filter mechanism other than to filter by event type at this time.
... View more
01-22-2018
09:17 AM
Your configuration file is in line with what I would expect- that does look like it will eliminate all event types except for the process start, netconn, and process block event types. Just to make sure- you only see those event types in the Splunk console as well?
In that case, you may just have a very noisy environment (either lots of network connections, or Mac/Linux endpoints which create a lot more process events than Windows workstations). There's nothing else built in to the event forwarder to perform additional filtering, so you would have to trim more event types (you can use Splunk to determine the relative ranking of which event types are more prevalent in your environment).
... View more
01-19-2018
06:49 AM
How many endpoints do you have on your network? I would start with just feed/watchlist/alert hits in your situation, then add in process starts after you have a few days under your belt to determine volume.
That said, 1GB in 6 minutes still sounds very high. Can you share your cb-event-forwarder.conf file (eliminate any credentials from the file before posting)
Thanks
- Jason
... View more
12-27-2017
12:01 PM
We haven't seen that error in the past - we use the Splunk Password Storage REST API endpoints to store the credentials in an encrypted manner. Can you send us an email at dev-support@carbonblack.com and we can set up a shared session to try and troubleshoot what may be occurring?
Thanks
- Jason
... View more
03-30-2017
12:38 PM
2 Karma
Note that https://splunkbase.splunk.com/app/2790/ is the TA for Cb Response, not Cb Protection. If you're integrating with Cb Protection, you want the Cb Protection App for Splunk. Sorry about the confusion.
... View more
03-20-2017
06:43 AM
I will have to ask our Splunk contacts to find out if this is the right mapping. We don't publish the Splunk Add-On (TA), just the Splunk App for Cb Response (DA-ESS-CbResponse). Since Cb tracks benign as well as malicious files, I don't know if automatically mapping all md5s to Malware.file_hash would break other pieces of Enterprise Security.
... View more
12-21-2016
10:03 AM
1 Karma
There may be an issue with how the setup is handled for older versions of Splunk (< 6.4). The new setup screen is generated by Splunk Add-On Builder 2.0, and I believe that setup screen is only compatible with Splunk 6.4 and above. I will double check with my Splunk contacts on this question.
You may be able to access the setup page directly, can you access the URL /en-US/app/DA-ESS-CbResponse/setup_page?action=edit on your Splunk server?
Thanks
- Jason
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
