Carbon Black Cloud: What Splunk Apps/Add-Ons are needed?
Article ID: 291578
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What Splunk Apps and Add-Ons are needed?
Environment
- Carbon Black Cloud: All Versions
- Splunk Enterprise: 8.x
Resolution
- Splunk 7.X
- No longer supported by Splunk. Please use our apps for Splunk version 8
- Single Instance (8.X)
- (Pre-requisite) Splunk CIM Add-on
- Only the VMware Carbon Black Cloud App (vmware_app_for_splunk)
- Single Instance + Heavy Forwarder (8.X)
- Single Instance:
- (Pre-requisite) Splunk CIM Add-on
- VMware Carbon Black Cloud App (vmware_app_for_splunk)
- Heavy Forwarder: IA-vmware_app_for_splunk (IA-vmware_app_for_splunk)
- Distributed deployment (8.x)
- Heavy Forwarder: IA-vmware_app_for_splunk (IA-vmware_app_for_splunk)
- Search Head:
- (Pre-requisite) Splunk CIM Add-on
- VMware Carbon Black Cloud App (vmware_app_for_splunk)
- Indexer: TA-vmware_app_for_splunk (TA-vmware_app_for_splunk)
- Splunk Cloud
- Contact Splunk Cloud Support to assist with installation
Additional Information
- This application connects with any Carbon Black Cloud offering and replaces the existing product-specific Carbon Black apps for Splunk.
- Warning: Do not install the App/TA/IA on the same node.
Feedback
Yes
No
Powered by
