Carbon Black
Carbon Black, now part of VMware, is a leading provider of advanced endpoint security solutions. Its offerings focus on protecting organizations from sophisticated cyber threats by delivering comprehensive endpoint protection, detection, and response capabilities. Carbon Black's technology provides deep visibility into endpoint activity, enabling security teams to proactively identify, investigate, and remediate threats across their IT environments.
Getting data in
| Source | Add-ons and Apps | Guidance |
|---|---|---|
| Carbon Black: Carbon Black is a source for endpoint protection that can be forwarded into Splunk for correlation with other security indicators and for alerting on detections of attacks. The Carbon Black event data is forwarded to Splunk by universal forwarders in JSON format. Carbon Black provides fields and tags in the endpoint security domain focusing on intrusion detection, system changes used for malware detection, and investigation. It also monitors network traffic, does protocol analysis, and tracks and alerts on application behavior. In the Common Information Model, Carbon Black data can be mapped to the Alerts, Intrusion Detection, Change, Network Traffic, or Endpoint data models, depending on the field. | Splunk platform, Splunk SOAR | Configuration, Splunk Lantern Articles |
| VMware Carbon Black Cloud: VMware Carbon Black Cloud is a cloud-native endpoint protection platform (EPP) that unifies endpoint detection and response (EDR), next-generation antivirus (NGAV), and managed detection and response (MDR) capabilities. It provides advanced threat prevention, behavioral analysis, and continuous visibility to protect against modern cyberattacks. | Splunk platform | |
| VMware Carbon Black EDR: VMware Carbon Black EDR (Endpoint Detection and Response) is an on-premises solution that provides continuous recording of endpoint activity to enable security teams to hunt for threats, investigate incidents, and respond quickly to attacks. It offers deep visibility into endpoint events, making it easier to identify and remediate malicious behavior. | Splunk platform | |

