Carbon Black Cloud: How to Configure cb-defense-syslog.conf for Syslog Connector

Environment

  • Carbon Black Cloud Web Console: All Versions
    • EndPoint Standard: All Versions
    • Enterprise EDR: All Versions
  • CBC Syslog Connector: All Versions

Objective

How to configure the cb-defense-syslog.conf file used by the Carbon Black Cloud Syslog Connector


Resolution

  • Please review the GitHub documentation located HERE.
  • For a sample configuration file, please click HERE.

Additional Notes

  • The CB PSC Syslog Connector requires API keys with the SIEM and API access levels.
  • If using multiple Cb Defense Servers for this SIEM, you can configure additional servers with their connector_id, api_key, and server_url at the bottom of the config file. An example is included by default. For further help, see: Cb Defense: How to configure the Syslog Connector to pull data from Multiple Orgs
  • The LEEF output format is supported only in version 2.0; LEEF version 1.0 is not supported.
  • For the Syslog Connector to pull information, a Notification needs to be set up, because the connector pulls the Alert and its associated information only for Notifications that were sent. Notifications can be set up per Carbon Black Cloud: How to Add New Notifications
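As an added example (not code from the Carbon Black connector project), the check below reads a constructed cb-defense-syslog.conf and reports, for every server section appended at the bottom of the file, whether the connector_id, api_key and server_url keys named above are present and whether server_url uses HTTPS. The section names and the [general] keys are assumptions; only the three per-server key names come from this article.

```python
import configparser

# Constructed sample config. Section names and [general] keys are assumed;
# connector_id, api_key and server_url are the keys the article names.
SAMPLE_CONF = """
[general]
output_format = leef
output_type = tcp
tcp_out = siem.example.invalid:514

[cbdefense-org1]
server_url = https://cbc-org1.example.invalid
connector_id = CONNECTOR_ID_PLACEHOLDER
api_key = API_KEY_PLACEHOLDER

[cbdefense-org2]
server_url = http://cbc-org2.example.invalid
connector_id = SECOND_CONNECTOR_ID_PLACEHOLDER
# api_key is missing: this org can never authenticate
"""

REQUIRED_SERVER_KEYS = ("connector_id", "api_key", "server_url")


def check_server_sections(conf_text):
    """Return {section: [problems]} for every section other than [general]."""
    # interpolation=None so '%' characters inside API keys are not expanded
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if section == "general":
            continue
        problems = []
        for key in REQUIRED_SERVER_KEYS:
            if not cp.get(section, key, fallback="").strip():
                problems.append(f"missing {key}")
        url = cp.get(section, "server_url", fallback="").strip()
        # The API key is sent with every request, so require TLS to the server.
        if url and not url.startswith("https://"):
            problems.append("server_url is not https")
        report[section] = problems
    return report


if __name__ == "__main__":
    for section, problems in check_server_sections(SAMPLE_CONF).items():
        print(section, "OK" if not problems else ", ".join(problems))
```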

Article Information
Creation Date: 11-27-2018