It is possible to insert the Audit log data into a siem by using the Carbon Black Cloud syslog connection found
here. When setting up the connector do not specify a SIEM key (so that notifications are not being pulled) ONLY specify an API key. Then configure the connector to send syslog out to your Splunk indexer / Forwarder. Then configure a standard syslog input within your Splunk to accept this syslog data.