I've been trying for several days to get AlienVault to recognize events from Carbon Black, using the "cb Response JSON" plugin. The vast majority of log events from CB appear to be getting dropped on the floor. Other log events from CB show up missing an "event title", as if the plugin is unable to parse the event.
Has anyone here been able to successfully deploy the "cb Response JSON" plugin? Was it effortless or did it require some undocumented tweaking to work? I'd love to hear about any experience anyone has had with the plugin.