CB Defense: Can the information sent to SIEMs be configured or modified?

Environment

  • CB Defense Web Console: All Versions
  • CB Defense SIEM Connector: All Versions

Question

Can the information that is sent to the SIEMs be configured?
  • For example: Add the Threat Category information from the CBD web console to the feed of information sent to the SIEM

Answer

At this time, the only configuration allowed for the SIEM output is which types of events are sent; this is set in the Notification settings. It is not possible to modify what information is sent inside those events.

Additional Notes

There is an open feature request in Idea Central to add this capability to the product: More Complete Logging of Events to SIEM through Connector Notifications

Article Information

Creation Date: 02-25-2019