Carbon Black Cloud: Splunk app does not include Alert Triage link for CB Analytics Alerts


Article ID: 290416


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • VMware Carbon Black Cloud App configured to use Data Forwarder or built-in data ingestion
  • Alert data showing up in Splunk
  • URL links to CB Analytics Alerts, Watchlist hits, and Device Control Alerts are not included in data sent to Splunk

Environment

  • Carbon Black Cloud Console: All Versions
  • VMware Carbon Black Cloud Splunk App: v1.1.1 and Higher
  • Splunk: v8.0 and Higher (app 5332)

Cause

This is working as currently designed, based on the schemas for the Alerts API.

Resolution

Review the Voice of the Customer space, then either click the Submit Idea button (blue circle with white plus) or vote for existing ideas.