The VMware Carbon Black Cloud App for Splunk is a single application that integrates your endpoint and workload security features and telemetry directly into Splunk dashboards, workflows and alert streams. It connects to any Carbon Black Cloud offering and replaces the existing product-specific Carbon Black Cloud apps for Splunk. The app provides a unified solution to integrate the Carbon Black Cloud Endpoint and Workload offerings with Splunk Enterprise, Splunk Cloud, and Splunk Enterprise Security (ES). Out of the box, it provides holistic visibility into the state of your endpoints and workloads through customizable dashboards and alert feeds in Splunk.

Supported platforms: Splunk Enterprise 8.1, 8.2, 9.0 or Splunk Cloud.

This app realizes many key SOC use cases, from conventional SIEM to XDR:

- Use Splunk as a single pane of glass for your Carbon Black Cloud alerts.
- Triage and investigate from Splunk, or pivot back to the Carbon Black Cloud console.
- Automate workflows with built-in SOAR capabilities.
- Enrich alerts with event or process context.
- Kick off Live Response and Live Query actions to gather information directly from endpoints.
- Remediate critical issues by killing a process or banning hashes from future execution.
- Endpoint Events enable your SOC to perform threat hunting, conduct forensic investigations, and build custom analytics.

Depending on your Splunk configuration and version, the VMware Carbon Black Cloud app, the Technology Add-on (TA), and the Input Add-on (IA) need to be installed on specific Splunk instances. See the following sections for where each component is installed.

Warning: Installing the VMware Carbon Black Cloud Technology Add-on (TA) or Input Add-on (IA) on the same node as the App is an unsupported configuration that may result in instability or errors.

Note: As of January 31st, 2022 the APIs supporting the Splunk 7.x apps will be decommissioned, causing some features to no longer function. The Splunk 7.x apps are no longer supported and have been archived. Migrate to the VMware Carbon Black Cloud App for Splunk.

Single Instance + Heavy Forwarder (8.x or 9.x): only the VMware Carbon Black Cloud App (vmware_app_for_splunk).

Distributed deployment:

- Search Head: VMware Carbon Black Cloud App (vmware_app_for_splunk).
- Indexer: TA-vmware_app_for_splunk.
- Heavy Forwarder: IA-vmware_app_for_splunk.

Depending on your Splunk Cloud configuration, you may need to contact Splunk Cloud Support to install the VMware Carbon Black Cloud app. Otherwise, see the Self Service Install documentation. Note: This app has not been reviewed for FedRAMP compliance for use in the AWS GovCloud (US) environment.

In a distributed environment the app and add-ons support only a subset of the configuration, because each Splunk component provides specific functionality: the Heavy Forwarder is where Splunk ingests data from the Carbon Black Cloud, the Indexer processes the incoming data and applies the CIM-compliant data models, and the Search Head provides the graphical search interface through which you interact with the data via dashboards, alert actions and custom commands. Please reach out to Carbon Black Cloud Support for further information.

Built-in Inputs (Alert Inputs, Audit Log Inputs, Live Query Inputs, and Vulnerabilities Inputs) run on the Heavy Forwarder (IA-vmware_app_for_splunk).

Note: If you are using the Data Forwarder to ingest Alerts and Events, you will also need to install and configure the Splunk AWS Add-on.
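As an added example (not code from the app or its documentation), the following Python check compares the Carbon Black Cloud packages found on a Splunk node against the per-role layout described above and flags the unsupported TA/IA-beside-App case; the role names and the use of `$SPLUNK_HOME/etc/apps` as the scan directory are assumptions.

```python
from pathlib import Path

# Package directory names as documented for the app and its add-ons.
APP = "vmware_app_for_splunk"
TA = "TA-vmware_app_for_splunk"
IA = "IA-vmware_app_for_splunk"
CBC_PACKAGES = {APP, TA, IA}

# Documented layout: which package each node role should carry.
# Role names are assumed labels for this check, not Splunk configuration values.
EXPECTED = {
    "single_instance": {APP},
    "search_head": {APP},
    "indexer": {TA},
    "heavy_forwarder": {IA},
}


def installed_cbc_packages(apps_dir):
    """Return the Carbon Black Cloud packages present under a Splunk apps directory
    (normally $SPLUNK_HOME/etc/apps)."""
    return {p.name for p in Path(apps_dir).iterdir()
            if p.is_dir() and p.name in CBC_PACKAGES}


def check_node(role, installed):
    """Compare installed packages with the documented layout for a node role.

    Returns a list of findings; an empty list means the node matches the layout.
    """
    if role not in EXPECTED:
        return [f"unknown role {role!r}"]
    findings = []
    # The documentation states that the TA or IA on the same node as the App is unsupported.
    if APP in installed and installed & {TA, IA}:
        findings.append("unsupported: TA/IA installed on the same node as the App")
    for pkg in sorted(EXPECTED[role] - installed):
        findings.append(f"missing {pkg} for role {role}")
    for pkg in sorted(installed - EXPECTED[role]):
        findings.append(f"unexpected {pkg} for role {role}")
    return findings


def check_apps_dir(role, apps_dir):
    """Scan a Splunk apps directory and report layout findings for the given role."""
    return check_node(role, installed_cbc_packages(apps_dir))


if __name__ == "__main__":
    import os
    for finding in check_apps_dir("search_head", os.path.join(os.environ["SPLUNK_HOME"], "etc", "apps")):
        print(finding)
```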