Cb Connect 2018 | Power of You | Register Now


Cb Response Comes to Splunk, Powered by Adaptive Response

October 12, 2016 / Jason Garman

You asked for it and we delivered.

The new Cb Response app for Splunk is now available on Splunkbase.  Packed full of powerful features, this App is all about giving Splunk users access to the power of Cb Response from inside their favorite splunk applications – thanks to Splunk’s new Adaptive Response Initiative.  

Once installed, this turnkey app empowers joint customers to see, search, and take action on endpoint data from inside Splunk.


This means your Splunk security users can now:

  • See, search and correlate endpoint data from Cb Response
  • Kill a malicious process
  • Remotely isolate a host
  • Ban a hash from executing across all endpoints
  • Pivot directly into Cb Response for deeper investigation

As a pioneer in an open-ecosystem approach to security, Carbon Black is proud to be one of the first vendors in the world to offer an Adaptive Response powered app to our clients.

For those unfamiliar with Adaptive Response, it is a Splunk led initiative representing the collective efforts of best-of-breed security vendors committed to providing a multi-layered defense strategy.

The initiative aims to help security analysts—from hunters to less skilled security staff—better handle threats by improving on the time to make decisions and the time to take actions when responding and adapting to threats. Carbon Black is a founding member of the initiative and is now one of the first vendors to release a production application leveraging the new capabilities.

This powerful integration will save organizations time and money by greatly reducing the time required to detect and respond to advanced threats by providing all critical endpoint capabilities from inside Splunk. Developed jointly with our customers  and Splunk, this app is already seeing widespread adoption and is proven in production deployments.

Using the new application, joint customers will be able to natively leverage the following capabilities from directly inside Splunk Enterprise Security:

Feature Feature Description
Summary Dashboard Consolidated Summary of identified threats and the endpoints affected
Workflow Actions: From within Splunk query results, right-click to query Cb Response

  • Binary Search by MD5
  • Process Search by IP, MD5, FileName and Domain/URL
Kill, Ban and Quarantine When threats are found, take remediation actions to:

  • Kill processes
  • Ban binary, MD5 or Hash
  • Isolate infected hosts
Deep Link Single-click transition from Splunk to the advanced features within Cb Response
Sophisticated Correlation with Rich Endpoint Data Combined with the Cb Response Event Forwarder, send rich endpoint event data into Splunk for advanced correlation, threat detection and remediation all from the Splunk console.

All endpoint events from Cb Response can be forwarded into Splunk, including all file modifications, process information, registry modifications, and more.

One great and early example of how correlating data from Cb Response inside Splunk can provide tremendous value and reduce alert fatigue is from our new technology partner, Corvil.  By correlating data from Cb Response and Corvil’s Security Analytics solution in Splunk, they have shown how Splunk can help connect the dots between network and endpoint data and help analysts prioritize alerts. For join customers, the Corvil team has made it incredibly simple to make these connections through a new App. You can see it in action here: Corvil Security Analytics for Splunk

As the head of Carbon Black’s Developer Network, I look forward to working with many more of you over the coming months to discover new and exciting ways that you can leverage Carbon Black’s Open APIs and our new integration with Splunk to solve important challenges.

At Carbon Black, we firmly believe that winning requires security vendors work together and with our customers to design integrated and novel solutions to today’s challenges. It’s why we’ve invested heavily in building the most comprehensive and open technology ecosystem of any next-generation endpoint security provider and just in the past few weeks you’ve seen us continue to pioneer industry-first solutions with Splunk, IBM, Fortinet and other security leaders.

If you are not leveraging any of these integrations in your environment today, our new Splunk app is a great place to start but it’s only the beginning and I and the entire Carbon Black developer relations team are here to help.

TAGS: Adaptive Response / Carbon Black / Splunk