The CB Response App for Splunk allows administrators to leverage the industry’s leading EDR solution to see, detect and take action upon endpoint activity directly from within Splunk. Once installed, the App gives administrators access to many of the powerful features of Carbon Black, such as process and binary searches, both from within Splunk and in conjunction with it.
When used alongside Splunk’s Enterprise Security, the CB Response App for Splunk also provides Adaptive Response Actions. These can run automatically based on the results of Correlation Searches, or on an ad-hoc basis against Notable Events surfaced within Splunk ES.
Published by the Carbon Black Developer Network http://developer.carbonblack.com
Source code available on GitHub: https://github.com/carbonblack/cb-response-splunk-app