Announcing Enhancements for Carbon Black Cloud App for Splunk

Posted on March 1, 2021

We’re pleased to announce enhancements to the VMware Carbon Black Cloud App for Splunk 8. This app provides an updated solution for customers to access their Carbon Black Cloud Endpoint and Workload features and data within the Splunk console. Out of the box, this app provides holistic visibility into the state of your endpoints and workloads through customizable dashboards and alert feeds in Splunk.

Enhancements include:

Built-in Data Inputs:

  • Device Control Alerts
  • Audit Logs
  • Live Query Results
  • Vulnerability Assessment

Common Information Model for:

  • Alerts
  • Endpoint/Process
  • Vulnerability
  • Malware


  • Devices
  • Processes
  • Vulnerabilities

Alert Actions / Adaptive Response:

  • Run Live Query
  • Dismiss Alert in CBC
  • Update Device Policy
  • Ban Hash
  • Get Process Details
  • Get Enriched Events for an Analytics Alert

Customers who are currently using one of the legacy Carbon Black Cloud Splunk integrations are encouraged to adopt this application in order to leverage the latest features and capabilities.

Resources:

For questions, please reach out to the Carbon Black Developer Network.