
Does anyone have a working "cb Response JSON" plugin?


New Life Form
I've been trying for several days to get AlienVault to recognize events from Carbon Black, using the "cb Response JSON" plugin.  The vast majority of log events from CB appear to be getting dropped on the floor.  Other log events from CB show up missing an "event title", as if the plugin is unable to parse the event.

Has anyone here been able to successfully deploy the "cb Response JSON" plugin? Was it effortless or did it require some undocumented tweaking to work? I'd love to hear about any experience anyone has had with the plugin.



Best Answer

  • Answer ✓
    Update: We discovered that the timestamp used by Carbon Black could not be parsed by the "cb Response JSON" plugin.  The Carbon Black timestamp is presented as a floating point number, which appeared to confuse the AlienVault plugin.  Forcing Carbon Black to drop the decimal from its timestamp allowed events to start appearing in AlienVault.
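
An added example, not part of the original thread and not the plugin's own code: a filter that drops the decimal from floating-point timestamps in JSON event lines before they reach the collector, and counts which events would have failed to parse. The field name `timestamp`, the function names and the sample events are assumptions constructed for illustration.

```python
import json
import math

TS_FIELD = "timestamp"  # assumed field name; adjust to your event feed


def normalize_event(line, ts_field=TS_FIELD):
    """Return (line, status); status is ok, fixed, missing or invalid."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return line, "invalid"
    if not isinstance(event, dict):
        return line, "invalid"
    if ts_field not in event:
        return line, "missing"
    value = event[ts_field]
    # bool is an int subclass; exclude it so true/false is never "ok"
    if isinstance(value, int) and not isinstance(value, bool):
        return line, "ok"
    if isinstance(value, str):  # epoch sent as a quoted number
        try:
            value = float(value)
        except ValueError:
            return line, "invalid"
    if not isinstance(value, float) or not math.isfinite(value):
        return line, "invalid"
    event[ts_field] = int(value)  # drop the fractional seconds
    return json.dumps(event, separators=(",", ":")), "fixed"


def summarize(lines):
    """Normalize a batch and count statuses to show why events go missing."""
    counts = {"ok": 0, "fixed": 0, "missing": 0, "invalid": 0}
    out = []
    for line in lines:
        fixed, status = normalize_event(line.strip())
        counts[status] += 1
        out.append(fixed)
    return out, counts


# Constructed sample events (not real Carbon Black output)
SAMPLE = [
    '{"type":"sample.a","timestamp":1500000000.123,"host":"ws01"}',
    '{"type":"sample.b","timestamp":1500000001,"host":"ws02"}',
    '{"type":"sample.c","timestamp":"1500000002.5","host":"ws03"}',
    '{"type":"sample.d","host":"ws04"}',
    "not json",
]
```

Running `summarize` over a capture of the forwarded events gives a quick count of how many carry a fractional timestamp versus how many are missing the field or are malformed for another reason.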