This document describes the supported integrations for the VMware Carbon Black App Control.

Overview

For hardware and operating requirements, please refer to VMware Carbon Black App Control Operating Environment Requirements document.

SIEM

Note: App Control can output in syslog format. Therefore, applications that can ingest syslog format should work.
Security Information and Event Management (SIEM)
Publisher Product Supported Versions Additional Notes
HP ArcSight 6.2x, 6.3x
IBM QRadar V7.3.3 R-1, V7.4.0 R

Enterprise Security Appliances

Enterprise Security Appliances
Publisher Product Supported Versions Additional Notes
Palo Alto Networks PA, VM All Series, WildFire Cloud, WF-500 PAN OS 8.0, 8.1, 9.0, 9.1

Big Data Analysis

Big Data Analysis
Publisher Product Supported Version Additional Notes
Splunk Splunk Enterprise 5.0, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 7.0, 7.1, 7.2, 7.3 See Note1 below.
Note: 1: The Splunk App for App Control is published under the Creative Commons license ( https://creativecommons.org/licenses/by/4.0/)

There are no restrictions on modifying Carbon Black Splunk App code, as long as:

  1. Attribution is given to VMware Carbon Black, and…
  2. For any code that is published based on the VMware Carbon Black Splunk App code, no additional restrictions are added.