CB Logs 'Indicator' Information Addition to Splunk

[Justangatang]

Hello,

Right now when we view Carbon Black events in Splunk, it provides a roll-up for each event, (e.g.'Threats'). The logs provide a list of 'Indicators', however with just minor information, example pic below:

Can any of the other information related to these indicators be sent to Splunk? We're looking for information such as:

• The 'Application' column
  -- The executing process owner (possibly separated from the Application column)
• The 'Event' column
  -- The connection details that each of the apps made. (possibly separated from the event column)

Example pic of the CB interface:

This would help us create better aggregation within the Splunk searches.