CB Response: Netconn Events are Split in Splunk
Article ID: 287909
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Netconn events from the cb-event-forwarder appear to come in split, each missing a different field.
Environment
- Carbon Black Response Server: All Versions
- Event Forwarder: All Versions
Cause
Technology Addon (TA) is not installed in Splunk
Resolution
Please install the Splunk Add-on for Carbon Black. https://splunkbase.splunk.com/app/2790/
Feedback
Yes
No
Powered by
