At A Glance: The Cb Enterprise Protection for Splunk enables users to conduct advanced endpoint analytics and view dashboards of Carbon Black endpoint and server data in real-time. This provides administrators with greater insight into enterprise file Carbon Black and security-related events. Additionally, combining Carbon Black data with other data sources in Splunk can provide security teams with a quick, holistic view of their security environment for improved analysis and operation. Highlights: • Use Splunk’s powerful machine data analysis to create new dashboards that combine Carbon Black file and event data with other information sources for an infrastructure-wide view of activity. • View all endpoint and server deployment activity at a glance for better operational tuning of Cb Enterprise Protection. • Quickly perform file and computer investigations from a single dashboard. • Gain full visibility into all employee activity to detect insider threats and perform administrator audits. • Create custom and ad-hoc queries. System Requirements: • Splunk 5.0 or greater. • Cb Enterprise Protection 7.2 or greater. Download Today Cb Enterprise Protection Platform and Splunk Integrate and Visualize data for faster actionable intelligence. Security operation teams today need fast, actionable intelligence from tools that combine multiple sources of information and then apply contextual analysis to provide quick, at-a-glance answers to key security and operational questions. Now, thanks to a partnership between Carbon Black and Splunk, security organizations are able to unite real-time endpoint data from the Cb Enterprise Protection with other relevant security information, such as network and other enterprise data sources, into a holistic view of the security environment. To make integration easier and improve operational intelligence, Carbon Black and Splunk have developed an application which will automatically import file activity and event data from the Cb Enterprise Protection into Splunk Enterprise for advanced security reporting and analysis. Available for free through the Splunk App Store, the “Cb Enterprise Protection App for Splunk” enables users to take advantage of the Splunk’s powerful visualization and analysis capabilities to enhance operational management of the Cb Enterprise Protection and gain greater levels of actionable intelligence for more efficient security investigations and audits. With the Splunk app for Cb Enterprise Protection, you can: • Use preset views and dashboards to monitor endpoint activity (file activity, blocks, approval, alerts, events, etc) at a glance for better operational tuning. • Quickly perform file specific or endpoint level investigations using a single dashboard for comprehensive and timely investigations. • Perform administrator audits to gain full visibility into a trusted source of change. • Create custom and ad-hoc queries on Cb Enterprise Protection activity or correlate Cb Enterprise Protection data with other sources for deeper levels of actionable intelligence. Cb Enterprise Protection App for Splunk Carbon Black Enterprise Protection App for Splunk DATA SHEET