Environment
- Carbon Black Cloud Console: All Versions
Objective
Get started with the Carbon Black Cloud Data Forwarder and apply best practices when setting it up.
Resolution
Setup Overview:
- Decide on a use case, such as Alert triage, SIEM integration, or watchlist reporting, and choose the Event Type the Data Forwarder needs for it:
  - Alert: All available Alerts.
  - Endpoint Event: All available endpoint telemetry.
  - Watchlist Hit: All available Watchlist hits.
- Configure your AWS S3 Bucket or Azure Blob Storage to receive data from Carbon Black Cloud.
- Add a Data Forwarder in the Carbon Black Cloud Console.
Tip: If using the Endpoint Event forwarder type, there are three methods of configuring which data is sent.
- Fetch the forwarded data from the destination or connect other tools to process the data, including SIEM solutions like Splunk, QRadar, or ServiceNow.
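A sketch of the last step, processing a fetched batch before handing it to a SIEM. This is an added example, not Carbon Black code: it assumes each forwarded object is a gzip-compressed file of newline-delimited JSON, and the field names (`type`, `severity`, `device_name`, `id`) and the sample batch are constructed for illustration.

```python
import gzip
import io
import json
from collections import Counter


def build_sample_batch() -> bytes:
    """Constructed sample batch: three valid records and one truncated line."""
    lines = [
        json.dumps({"id": "a1", "type": "WATCHLIST", "severity": 8, "device_name": "ws-01"}),
        json.dumps({"id": "a2", "type": "CB_ANALYTICS", "severity": 3, "device_name": "ws-02"}),
        '{"id": "ax", "type": "CB_ANALYTICS", "severity": 9, "device_na',  # cut off mid-record
        json.dumps({"id": "a3", "type": "CB_ANALYTICS", "severity": 9, "device_name": "srv-07"}),
    ]
    return gzip.compress("\n".join(lines).encode("utf-8"))


def read_batch(blob: bytes):
    """Yield (record, None) per valid line and (None, error) per unparsable line."""
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line:
                continue
            try:
                record = json.loads(line)
            except json.JSONDecodeError as exc:
                # Report the bad line instead of dropping it silently.
                yield None, f"line {lineno}: {exc.msg}"
                continue
            if isinstance(record, dict):
                yield record, None
            else:
                yield None, f"line {lineno}: not a JSON object"


def triage(blob: bytes, min_severity: int = 7) -> dict:
    """Split a batch into high-severity records, parse errors and per-type counts."""
    high, errors, by_type = [], [], Counter()
    for record, err in read_batch(blob):
        if err:
            errors.append(err)
            continue
        by_type[record.get("type", "UNKNOWN")] += 1
        severity = record.get("severity")
        if isinstance(severity, int) and severity >= min_severity:
            high.append(record)
    return {"high": high, "errors": errors, "by_type": dict(by_type)}


if __name__ == "__main__":
    print(json.dumps(triage(build_sample_batch()), indent=2))
```

Counting parse errors per batch gives an early signal that objects are being read before they are fully written or that the expected schema has changed.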
Key Resources for Custom Query Data Filters:
Key Resources for API: