At A Glance:
The Cb Enterprise Protection for Splunk
enables users to conduct advanced endpoint
analytics and view dashboards of Carbon Black
endpoint and server data in real-time. This
provides administrators with greater insight
into enterprise file Carbon Black and
security-related events. Additionally, combining
Carbon Black data with other data sources in
Splunk can provide security teams with a quick,
holistic view of their security environment for
improved analysis and operation.
Highlights:
• Use Splunk’s powerful machine data analysis to create new dashboards that combine Carbon Black file and event data with other information sources for an infrastructure-wide view of activity.
• View all endpoint and server deployment activity at a glance for better operational tuning of Cb Enterprise Protection.
• Quickly perform file and computer investigations from a single dashboard.
• Gain full visibility into all employee activity to detect insider threats and perform administrator audits.
• Create custom and ad-hoc queries.
System Requirements:
• Splunk 5.0 or greater.
• Cb Enterprise Protection 7.2 or greater.
Cb Enterprise Protection Platform and Splunk
Integrate and Visualize data for faster actionable intelligence.
Security operations teams today need fast, actionable intelligence from tools that combine
multiple sources of information and then apply contextual analysis to provide quick, at-a-glance
answers to key security and operational questions. Now, thanks to a partnership between
Carbon Black and Splunk, security organizations are able to unite real-time endpoint data from
the Cb Enterprise Protection with other relevant security information, such as network and other
enterprise data sources, into a holistic view of the security environment.
To make integration easier and improve operational intelligence, Carbon Black and Splunk have
developed an application that automatically imports file activity and event data from
Cb Enterprise Protection into Splunk Enterprise for advanced security reporting and analysis.
Available for free through the Splunk App Store, the “Cb Enterprise Protection App for Splunk”
enables users to take advantage of Splunk’s powerful visualization and analysis capabilities
to enhance operational management of Cb Enterprise Protection and gain greater levels of
actionable intelligence for more efficient security investigations and audits.
With the Splunk app for Cb Enterprise Protection, you can:
• Use preset views and dashboards to monitor endpoint activity (file activity, blocks, approval,
alerts, events, etc.) at a glance for better operational tuning.
• Quickly perform file-specific or endpoint-level investigations using a single dashboard for
comprehensive and timely investigations.
• Perform administrator audits to gain full visibility into a trusted source of change.
• Create custom and ad-hoc queries on Cb Enterprise Protection activity or correlate Cb
Enterprise Protection data with other sources for deeper levels of actionable intelligence.
Cb Enterprise Protection App for Splunk
Carbon Black Enterprise Protection App for Splunk
DATA SHEET
Carbon Black believes strongly in supporting vendor interoperability to help customers build next-generation security infrastructures. That is why
Carbon Black has partnered with Splunk and other industry network and SIEM leaders to deliver solutions that provide end-to-end protection
against advanced threats.
For more information on Carbon Black’s partnership with Splunk or our other strategic technical alliance partners, please visit:
www.carbonblack.com/solutions/ecosystem/
1100 Winter Street Waltham, MA 02451 USA
P 617.393.7400 F 617.393.7499
www.carbonblack.com
About Carbon Black
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention
strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance
of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to
track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also
offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been
named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their
endpoints, enabling security teams to: Disrupt. Defend. Unite.
2016 © Carbon Black is a registered trademark of Carbon Black, Inc. All other company or product names may be the trademarks of their
respective owners. 20160309 RKB