Hosted: EDR How to Enable the Splunk HEC Connector in a Hosted EDR console


Article ID: 284859


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Enable Splunk HEC connector from within a Hosted EDR console

Environment

  • Hosted EDR (formerly CB Response Cloud): All Versions
  • Splunk: All Supported Versions

Resolution

  1. From the console, click the Event Forwarder link
  2. Click Edit
  3. In the 'Type' drop-down, select Splunk
  4. Add the URL of the Splunk HEC endpoint
  5. Add the HEC token
  6. Add the server 'Common Name' (FQDN of the Hosted EDR server)
  7. Configure the 'Send timeout' setting
  8. Configure 'Max bundle size'
  9. Configure security settings as per your organizational requirements
  10. Click Save
  11. Verify that data begins flowing to Splunk
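
A pre-flight check for the HEC URL and token entered in steps 4 and 5, as an added example that is not part of the original article or of Carbon Black's tooling. It assumes Splunk's standard `/services/collector/event` path and GUID-shaped HEC tokens; the function names and the `HEC_TOKEN` variable are hypothetical. It runs from your own host, so it confirms the endpoint and token, not connectivity from the Hosted EDR server.

```shell
#!/bin/sh
# Added example: pre-flight check of the Splunk HEC URL and token (steps 4-5).
# Function names are hypothetical; /services/collector/event is Splunk's standard HEC path.

# Accept only https:// URLs so the token is never sent in cleartext.
valid_hec_url() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# HEC tokens generated by Splunk are GUID-shaped (8-4-4-4-12 hex digits).
valid_hec_token() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Map the "code" field of an HEC JSON reply to a short verdict.
classify_hec_reply() {
  code=$(printf '%s' "$1" |
    sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0) echo "ok" ;;
    1) echo "token-disabled" ;;
    2|3|4) echo "bad-token" ;;
    7) echo "bad-index" ;;
    9) echo "server-busy" ;;
    *) echo "unknown" ;;
  esac
}

# Send one marker event; the token reaches curl on stdin, not in its argument list.
send_test_event() {
  valid_hec_url "$1" || { echo "refusing non-HTTPS URL" >&2; return 2; }
  valid_hec_token "$2" || { echo "token is not GUID-shaped" >&2; return 2; }
  reply=$(printf 'header = "Authorization: Splunk %s"\n' "$2" |
    curl --silent --show-error --max-time 10 --config - \
      --data '{"event":"edr-forwarder-preflight"}' \
      "${1%/}/services/collector/event") || return 3
  verdict=$(classify_hec_reply "$reply")
  echo "$verdict"
  [ "$verdict" = "ok" ]
}

# Usage: HEC_TOKEN=<token> sh hec_preflight.sh https://splunk.example.com:8088
if [ "$#" -eq 1 ] && [ -n "${HEC_TOKEN:-}" ]; then
  send_test_event "$1" "$HEC_TOKEN"
fi
```

A verdict of `ok` means Splunk accepted the marker event, which can then be searched for by its text `edr-forwarder-preflight` to confirm which index the token writes to.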

Additional Information

  • As of Hosted EDR version 7.1.0, console administrators can configure the Event Forwarder from the console; no support case is required
  • If the IP of the cloud server is needed, perform an nslookup on sensors.fqdn