Carbon Black Cloud: Splunk app does not include Alert Triage link for CB Analytics Alerts
Article ID: 290416
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- VMware Carbon Black Cloud App configured to use Data Forwarder or built-in data ingestion
- Alert data showing up in Splunk
- URL links to CB Analytics Alerts, Watchlist hits, and Device Control Alerts are not included in data sent to Splunk
Environment
- Carbon Black Cloud Console: All Versions
- VMware Carbon Black Cloud Splunk App: v1.1.1 and Higher
- Splunk: v8.0 and Higher (app 5332)
Cause
Working as currently designed, based on the schemas for the Alerts API.
Resolution
Review the Voice of the Customer space and click the Submit Idea button (blue circle with white plus), or vote for existing ideas.