Does the Splunk add-on / app for Carbon Black Cloud (formerly PSC: Defense / Threat Hunter) support Audit log ingestion?

• Carbon Black Cloud Console: All Versions
• CB Defense Add-On for Splunk: Version 2.0.1
• CB Defense App for Splunk: Version 1.1.4

• Not at this time in versions less than Add-On for Splunk: Version 2.0.1 or App for Splunk: Version 1.1.4.
• Please up-vote this feature request found in Idea Central to help increase the priority for this feature: https://community.carbonblack.com/t5/Idea-Central/CBC-Update-Splunk-App-Add-on-To-Include-Console-Audit-Log/idi-p/88990#M9579 

It is possible to insert the Audit log data into a siem by using the Carbon Black Cloud syslog connection found here. When setting up the connector do not specify a SIEM key (so that notifications are not being pulled) ONLY specify an API key. Then configure the connector to send syslog out to your Splunk indexer / Forwarder. Then configure a standard syslog input within your Splunk to accept this syslog data.