This section explains how to deploy and configure the Carbon Black Cloud app for Splunk SIEM 2.0.0+.

Note: This app has not been reviewed for FedRAMP Compliance for use in the AWS GovCloud (US) environment.

Depending on your Splunk SIEM configuration and version, the Carbon Black Cloud App, Technology Add-on (TA), and Input Add-on (IA) must be installed on specific Splunk SIEM instances.

Single Instance (9.x)
Prerequisite: Splunk CIM Add-on
Carbon Black Cloud App (vmware_app_for_splunk)
Single Instance + Heavy Forwarder (9.x)
Single Instance:
Heavy Forwarder:

IA-vmware_app_for_splunk

Distributed Deployment (9.x)
Heavy Forwarder:

IA-vmware_app_for_splunk

Search Head:
Indexer:

TA-vmware_app_for_splunk

Splunk Cloud
Depending on your Splunk Cloud configuration, you may need to contact Splunk Cloud Support to install the Carbon Black Cloud app. Otherwise, see the Self Service Install documentation.