CB Defense: Does the Splunk App Get Command Line Data?


Article ID: 291335


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Does the CB Defense App get the Command Line data from the CB Defense Notifications? 

Environment

  • CB Defense PSC Backend: All Supported Versions

Resolution

The command line data is available via the Console and the CB Defense API, but not through the SIEM notification functionality.

Additional Information

  • The CB Defense Notifications send over Alert Data, which does not contain the command line path.
  • The command line path is contained within the Event Data, which is not sent to the Splunk App.
  • Event data is only available through the CB Defense API and Console at this time.