The Splunk App for Carbon Black App Control allows Splunk to interpret data provided by Carbon Black App Control so that it can be analyzed and displayed by Splunk.
Prerequisites
Before you install the Splunk App, set up the Splunk Server to receive forwarder data on port 9997. See Set up the Splunk Server to Receive Splunk Universal Forwarder Messages.
Procedure
- Log in to the Splunk server as an administrator-level user.
- Search for “App Control” through the Find Apps Online feature in the Splunk console, and when you find the Carbon Black App Control App for Splunk, download it to a convenient location on the server.
- In the menu bar at the top of the Splunk console, click Apps > Manage Apps.
- Install the App from its zip file:
  - Click on Install app from file and in the Upload an app dialog, browse to the cb-protection-app-for-splunk_20.tar.gz file. The file name, especially the numbers at the end, varies with version changes.
  - Click Upload.
What to do next
Next step: Install the Splunk Forwarder on the Carbon Black App Control Server