EDR: Where can someone get support for the CB Splunk Application?
search cancel

EDR: Where can someone get support for the CB Splunk Application?

book

Article ID: 285752

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Where can someone get support for the CB Splunk Application?

Environment

  • EDR Server: All versions
  • EDR Sensor: All versions
  • CB Splunk Application: All versions

Resolution

Getting Support
  • View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.
  • Use the Developer Community Forum to discuss issues and get answers from other API developers in the VMware Carbon Black Community.
  • Report bugs and change requests to Carbon Black Support with the following logs from $SPLUNK_HOME/var/log/splunk
    • da-ess-cbresponse.log: main log file for common Carbon Black EDR helper functions, including the search Custom Commands
    • isolate_modalert.log: log file for the Isolate Endpoint Adaptive Response Action
    • banhash_modalert.log: log file for the Ban Hash Adaptive Response Action
    • killprocess_modalert.log: log file for the Kill Process Adaptive Response Action
Powered by Wolken Software