CB PSC: How to differentiate Defense and ThreatHunter data in Splunk
Article ID: 290009
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Successfully differentiate between Defense and ThreatHunter data being ingested into Splunk
Environment
- CB PSC Web Console: All Versions
- CB Defense
- CB ThreatHunter
- Carbon Black Cloud Event Forwarder: All Versions
- Splunk: All Supported Versions
Resolution
Defense events ingested into Splunk contain an event_id field, whereas ThreatHunter events do not contain this field.
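The following Splunk search is an added example, not part of the original article. It labels each forwarded event by whether event_id is present and counts events per product. The index and sourcetype values are placeholders to replace with your own, and the cb_product field name is an assumption chosen for illustration.

```spl
index=<placeholder_index> sourcetype=<placeholder_sourcetype>
| eval cb_product=if(isnotnull(event_id) AND event_id!="", "Defense", "ThreatHunter")
| stats count AS events, earliest(_time) AS first_seen, latest(_time) AS last_seen BY cb_product
| convert ctime(first_seen) ctime(last_seen)
```

To work with only one product, append `| search cb_product="Defense"` (or "ThreatHunter") after the eval line.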