Knowledge Base

Yes

Environment

Carbon Black Cloud Console: All Versions
CB Defense Add-On for Splunk: Version 2.0.1
CB Defense App for Splunk: Version 1.1.4

Question

Does the Splunk add-on / app for Carbon Black Cloud (formerly PSC: Defense / Threat Hunter) support Audit log ingestion?

Answer

Not at this time in versions less than Add-On for Splunk: Version 2.0.1 or App for Splunk: Version 1.1.4.
Please up-vote this feature request found in Idea Central to help increase the priority for this feature: CBC: Update Splunk App, Add-on To Include Console Audit Log Information

Additional Notes

It is possible to insert the Audit log data into a siem by using the Carbon Black Cloud syslog connection found here. When setting up the connector do not specify a SIEM key (so that notifications are not being pulled) ONLY specify an API key. Then configure the connector to send syslog out to your Splunk indexer / Forwarder. Then configure a standard syslog input within your Splunk to accept this syslog data.

Knowledge Base

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Environment

Question

Answer

Additional Notes

Related Content

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Workload

Knowledge Base

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Environment

Question

Answer

Additional Notes

Related Content

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Workload

Thank you for your feedback.

Thank you for your feedback.