The ITSI Content Pack for Carbon Black from Kinney Group is specifically designed to monitor the system health and performance of the Carbon Black system. It leverages Splunk ITSI to provide in-depth analysis and visualization of logs for Carbon Black, ensuring critical systems are operating optimally. This content pack is an essential tool for IT professionals looking to enhance the reliability and performance of their security infrastructure.
- Comprehensive System Health Monitoring: Offers detailed insights into the overall health and performance of the Carbon Black system, including data ingestion, event monitoring, and performance metrics.
- Critical Event Tracking: Monitors specific events and alerts generated by Carbon Black, helping IT professionals swiftly identify and address potential security threats.
- Enhanced Resource Efficiency: Facilitates better decision-making on resource allocation and system adjustments by analyzing performance trends and detecting inefficiencies across the infrastructure.
Kinney Group ITSI Content Pack Blog
This ITSI Content Pack is open source and available for community collaboration and enhancement on GitHub.
For more information about Kinney Group's Splunk Products, visit our website
The ITSI Content Pack for Carbon Black contains service definitions and KPIs ready to import to ITSI. The KPI Thresholds and importance values are set to defaults so that they can be tuned manually for your use case. After configuration, this content pack provides a comprehensive view of the health and performance of the Carbon Black system.
Kinney Group ITSI Content Pack Blog
For more information about Kinney Group's Splunk Products, visit our website
Carbon Black monitoring encompasses several specialized services, each targeting specific aspects of system performance and security:
- System Health Monitoring
- Description: Monitors the overall health and performance of the Carbon Black system.
- Event Monitoring
- Description: Monitors specific events and alerts generated by Carbon Black.
- Performance Metrics
- Description: Tracks performance metrics such as CPU usage, memory usage, and disk I/O for the systems running Carbon Black.
- Error Logs
- Description: Regularly reviews error logs from Carbon Black to identify any recurring issues or errors.
- User Activity
- Description: Monitors user activity within Carbon Black to detect any unauthorized access or unusual behavior.
Each service utilizes specific KPIs to measure its effectiveness:
- Notifications and Event Data
- Description: Ensure that the Splunk platform is correctly collecting notifications and event data from Carbon Black.
- Watchlist Hit Notifications
- Description: Track and analyze watchlist hit notifications to identify potential security threats or anomalies.
- Feed Hit Notifications
- Description: Monitor feed hit notifications to detect any matches against known threat intelligence feeds.
- New Binary Instance Notifications
- Description: Keep an eye on new binary instance notifications to detect the introduction of new executables in the environment.
- System Resource Utilization
- Description: Monitor CPU, memory, and disk usage on the Splunk servers handling Carbon Black data.
- Event Ingestion Rate
- Description: Monitor the rate at which events are being ingested from Carbon Black.
- Event Parsing Errors
- Description: Track any errors in parsing events to ensure data integrity.
- Latency
- Description: Measure the time taken for events to appear in Splunk after being generated in Carbon Black.
- Error Log Collection
- Description: Regularly collect error logs from Carbon Black.
- Error Analysis
- Description: Analyze error logs to identify any recurring issues or errors.
- User Access Logs
- Description: Monitor user access logs to detect any unauthorized access.
- Activity Analysis
- Description: Analyze user activity to identify unusual behavior.
Services are interconnected; for instance, System Health Monitoring is dependent on Data Collection, Event Monitoring, Performance Metrics, Error Logs, Update and Patch Status, User Activity, and Integration Health. Similarly, Event Monitoring relies on Notifications and Event Data, Watchlist Hit Notifications, Feed Hit Notifications, New Binary Instance Notifications, Binary File Upload Complete Notifications, and Raw Endpoint Events.
Some services form a hierarchy, such as Data Collection depending on Data Ingestion Configuration and Verification of Data Ingestion, illustrating a layered approach to performance monitoring where base metrics support broader performance indicators.
Kinney Group ITSI Content Pack Blog
To provide feedback, visit our Github and Readme for our content packs.
For more information about Kinney Group's Splunk Products, visit our website
| Version | Date | Description |
|---|---|---|
| 0.0.1 | 06/4/24 | Initial Preview Release |