EDR: EDR Plugin For Splunk Not Able To Isolate Sensor Via IP Address

Article ID: 287161

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The EDR plugin for Splunk is unable to isolate a sensor using its IP address.

Environment

  • EDR Server: 6.2.4
  • Splunk: 2.14

Cause

This is a known issue being tracked in Engineering under ticket CB-27104.

Resolution

  • The sensor can be isolated using its Sensor ID instead of its IP address.
  • Splunk Phantom (https://www.splunk.com/en_us/software/phantom.html) can also be used as an alternative tool.

Additional Information

  • The Splunk App is no longer compatible with the current ESS or other connectors. There are no plans to fix, improve or enhance it in any way at this time.
  • The supported list of connectors for Cb Response can be found here: https://community.carbonblack.com/t5/Endpoint-Detection-and-Response/Supported-Connectors-for-Endpoint-Detection-and-Response/m-p/88026