Carbon Black Cloud Endpoint Standard is the new name for the product formerly called CB Defense.
Integrations developed by Carbon Black all have similar installation instructions, unless otherwise specified.
Integrations may require an API URL, which is accessible through a special hostname assigned to your organization. To find your organization’s API hostname, please refer to the Authentication Guide.
Carbon Black partners with industry leaders to create integrated solutions helping you to achieve end-to-end protection across security systems. The Carbon Black Integration Network highlights our Partners and the solutions they have built using our Open APIs.
Members of the Carbon Black partner program can submit their products to Carbon Black for certification and promotion on our Integration Network. Learn more about the Carbon Black Partner Program here.
These connectors allow users to send notifications or alerts into a SIEM like Splunk or QRadar.
The syslog connector lets administrators forward alert notifications and audit logs from their Carbon Black Cloud instance to local, on-premise systems, and:
You can install the Syslog Connector using either PyPI or GitHub.
The syslog connector can be run on a schedule on all supported platforms; the steps for setting up the scheduled task differ by operating system and are covered in the per-OS instructions.
The Endpoint Standard (formerly CB Defense) Add-On for Splunk allows administrators to forward events and notifications from Endpoint Standard into Splunk for correlation and analysis.
This add-on is available on Splunkbase under CB Defense Add-On for Splunk for both Splunk on-premise and Splunk Cloud.
This app requires Endpoint Standard and Splunk version 6.4 or above.
No additional hardware requirements are necessary for running this app above the standard requirements for both Carbon Black and Splunk.
Install the Endpoint Standard app for Splunk and configure it to connect to your Endpoint Standard server. Do this by creating an Endpoint Standard API Key of type SIEM and attaching it to one or more Notification Rules, so that only notifications matching those rules are delivered to that key. To create a SIEM API Key and notification rule:
Next, configure the Endpoint Standard app for Splunk to connect to your Endpoint Standard server. The API URL is the API hostname assigned to your organization (shown here with the placeholder api-url.conferdeploy.net); refer to Endpoint Standard API Basics for how to find it. The Endpoint Standard app for Splunk uses Splunk's encrypted credential storage facility to store the API token for your Endpoint Standard server, so the API key is held securely on the Splunk server rather than in plain text.
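The following is an added example, not code from Carbon Black's syslog connector or the Splunk add-on, showing what a SIEM-type connector like the ones described above does end to end: it builds the authentication header from a SIEM API key, restricts the API URL to the organization's own conferdeploy.net hostname, validates the notification response, and renders each THREAT or POLICY_ACTION notification as a CEF line suitable for syslog forwarding to Splunk or QRadar. The endpoint path `/integrationServices/v3/notification`, the `X-Auth-Token: <secret>/<id>` header layout and the notification field names (`threatInfo`, `policyAction`, `deviceInfo`) are assumptions about the Endpoint Standard API, not statements from this page; the vendor and product strings in the CEF header and the sample response are constructed for the example.

```python
"""Pull Endpoint Standard (CB Defense) notifications with a SIEM API key and
render them as CEF lines for syslog forwarding to a SIEM such as Splunk or QRadar.
Added example; not Carbon Black's connector or Splunk add-on code."""
import json
import re
import urllib.request
from typing import Dict, List

# Assumed from the legacy Endpoint Standard Notification API (not stated on this
# page): the notification path and the X-Auth-Token header layout (SECRET/ID).
NOTIFICATION_PATH = "/integrationServices/v3/notification"
# Only the organization's assigned *.conferdeploy.net API hostname may see the key.
HOSTNAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]*(\.[a-z0-9-]+)*\.conferdeploy\.net$")
CEF_PREFIX = "CEF:0|ExampleOrg|EndpointStandardForwarder|1.0"  # hypothetical vendor/product


def auth_header(api_id: str, api_secret: str) -> Dict[str, str]:
    """SIEM key to header. Load both values from a secret store or the
    environment; never write them into config files or source."""
    if not api_id or not api_secret or "/" in api_id or "/" in api_secret:
        raise ValueError("malformed API ID or secret key")
    return {"X-Auth-Token": f"{api_secret}/{api_id}", "Content-Type": "application/json"}


def api_url(api_host: str) -> str:
    """HTTPS notification URL; refuses hosts outside *.conferdeploy.net so a
    mistyped or attacker-controlled host never receives the key."""
    host = api_host.strip().lower()
    if host.startswith("https://"):
        host = host[len("https://"):]
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"unexpected API host: {api_host!r}")
    return f"https://{host}{NOTIFICATION_PATH}"


def parse_notifications(body: str) -> List[dict]:
    """Validate the API envelope and return the notification list."""
    data = json.loads(body)
    if not data.get("success"):
        raise RuntimeError(f"API error: {data.get('message', 'unknown')}")
    return data.get("notifications", [])


def fetch_notifications(api_host: str, api_id: str, api_secret: str) -> List[dict]:
    """Live call, not exercised offline. The API hands each notification to a
    given key once, so persist the raw response before forwarding."""
    req = urllib.request.Request(api_url(api_host), headers=auth_header(api_id, api_secret))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_notifications(resp.read().decode("utf-8"))


def _cef_header(value) -> str:       # CEF header fields reserve backslash and pipe
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(value) -> str:          # extension values reserve backslash, '=' and newlines
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def notification_to_cef(n: dict) -> str:
    """Map one THREAT or POLICY_ACTION notification to a CEF line. Field names
    (threatInfo.score, policyAction.action, deviceInfo.*) are as this example
    assumes the notification schema; adjust to the schema you actually receive."""
    kind, dev = n.get("type", "UNKNOWN"), n.get("deviceInfo", {})
    if kind == "THREAT":
        info = n.get("threatInfo", {})
        severity = min(10, max(0, int(info.get("score", 0))))  # score 1..10 maps onto CEF 0..10
        name = info.get("summary", "Threat detected")
    elif kind == "POLICY_ACTION":
        info, severity = n.get("policyAction", {}), 5
        name = f"Policy action {info.get('action', '')} on {info.get('applicationName', '')}"
    else:
        info, severity, name = {}, 1, f"Unknown notification type {kind}"
    pairs = [("rt", n.get("eventTime", 0)), ("externalId", n.get("eventId")),
             ("dvchost", dev.get("deviceName")), ("src", dev.get("internalIpAddress")),
             ("suser", dev.get("email"))]
    customs = [("ruleName", n.get("ruleName")), ("incidentId", info.get("incidentId")),
               ("consoleUrl", n.get("url"))]
    for i, (label, value) in enumerate(customs, start=1):
        if value:                    # emit label and value together or not at all
            pairs += [(f"cs{i}Label", label), (f"cs{i}", value)]
    ext = " ".join(f"{k}={_cef_ext(v)}" for k, v in pairs if v not in (None, ""))
    return f"{CEF_PREFIX}|{_cef_header(kind.lower())}|{_cef_header(name)}|{severity}|{ext}"


# Constructed sample response (not captured from a real tenant).
SAMPLE_RESPONSE = json.dumps({"success": True, "message": "Success", "notifications": [
    {"type": "THREAT", "eventTime": 1700000000000, "eventId": "1111aaaa2222bbbb", "ruleName": "SIEM rule",
     "url": "https://defense.conferdeploy.net/investigate?s[searchWindow]=ALL",
     "deviceInfo": {"deviceId": 1001, "deviceName": "WIN10-LAB", "internalIpAddress": "10.0.0.15",
                    "externalIpAddress": "203.0.113.7", "email": "analyst@example.com", "deviceType": "WINDOWS"},
     "threatInfo": {"incidentId": "ABCD1234", "score": 8, "time": 1700000000000,
                    "summary": "Suspicious encoded PowerShell | 2 indicators",
                    "indicators": [{"applicationName": "powershell.exe", "indicatorName": "ENCODED_COMMAND"}]}},
    {"type": "POLICY_ACTION", "eventTime": 1700000060000, "eventId": "5555dddd6666eeee", "ruleName": "SIEM rule",
     "url": "https://defense.conferdeploy.net/investigate?s[searchWindow]=ALL",
     "deviceInfo": {"deviceId": 1002, "deviceName": "MAC-LAB", "internalIpAddress": "10.0.0.16",
                    "email": "ops@example.com", "deviceType": "MAC"},
     "policyAction": {"action": "TERMINATE", "applicationName": "evil.app",
                      "reputation": "KNOWN_MALWARE", "sha256Hash": "ab12" * 16}}]})


def sample_cef_lines() -> List[str]:
    """Render the constructed sample so the pipeline can be exercised offline."""
    return [notification_to_cef(n) for n in parse_notifications(SAMPLE_RESPONSE)]


if __name__ == "__main__":
    print("\n".join(sample_cef_lines()))
```

Two points are worth carrying over to a real deployment. First, the hostname check matters because the API key travels in a request header: pointing the connector at the wrong host hands the credential to whoever answers there. Second, the notification endpoint delivers each notification to a given API key only once, so write the raw response to disk (or queue it) before attempting the syslog send; a failed forward is otherwise lost.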