
Announcing the VMware Carbon Black Cloud App for Splunk 1.0.0 Release!

Posted on November 18, 2020

We’re pleased to announce the release of the VMware Carbon Black Cloud App for Splunk.

This app provides an updated solution for customers to access their Carbon Black Cloud Endpoint and Workload features and data within the Splunk console. Out of the box, this app provides holistic visibility into the state of your endpoints and workloads through customizable dashboards and alert feeds in Splunk.

The app is available for download from Splunkbase. Depending on your installation, the Input Add-on or Technology Add-on may also be required.

Notable features include:

  • Support for Splunk 8.0, 8.1, Splunk Cloud, and Splunk ES 6.x
    • Customers using Splunk 7.x or lower should continue using the legacy Splunk integrations until they are using Splunk 8+.
  • Proxy
  • Multi-tenancy:
    • Data Inputs
    • Dashboards
    • Adaptive Response
  • Data Inputs:
    • Alerts (API or Event Forwarder)
    • Endpoint Events (Event Forwarder)
  • Common Information Model (+ Accelerated Data Model):
    • Alerts
    • Endpoints
  • Dashboards:
    • Alerts
    • Endpoint Events
    • Alert Table
  • Adaptive Response:
    • Quarantine/Unquarantine Endpoint
    • Add/Remove IoC from Watchlist
    • List Processes
    • Kill Processes
    • Get File Metadata

Additional enhancements are planned for release in early 2021. These enhancements include full support for Audit & Remediation, Audit Logs, and additional adaptive response actions.

Customers who are currently using one of the legacy Carbon Black Cloud Splunk integrations are encouraged to adopt this application in order to leverage the latest features and capabilities.

For questions, please reach out to the Carbon Black Developer Community.