Endpoint Standard: What user information flows to SIEM?

By CB_Support posted Sep 21, 2020 11:06 PM

  

Environment

Carbon Black Cloud (formerly CB PSC): All versions
Endpoint Standard (formerly CB Defense): All versions

Question

Which username information do the logs written to the SIEM contain?


Answer

The SIEM shows only the information for the "Installed by" user. It does not have a filter for the current or last active users. This is by design.

Additional Notes

To find out which user triggered a particular event or alert, an API can be called to get the “userName”.
Endpoint Standard REST API Reference - Carbon Black Developer Network

