Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Carbon Black Cloud: Does The Splunk Add-on Or App Ingest Console Audit Logs

Environment

  • Carbon Black Cloud Console: All Versions
  • CB Defense Add-On for Splunk: Version 2.0.1
  • CB Defense App for Splunk: Version 1.1.4

Question

Does the Splunk add-on / app for Carbon Black Cloud (formerly PSC: Defense / Threat Hunter) support Audit log ingestion?

Answer


Additional Notes

It is possible to insert the Audit log data into a siem by using the Carbon Black Cloud syslog connection found here. When setting up the connector do not specify a SIEM key (so that notifications are not being pulled) ONLY specify an API key. Then configure the connector to send syslog out to your Splunk indexer / Forwarder. Then configure a standard syslog input within your Splunk to accept this syslog data.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
727
Contributors