Knowledge Base

Yes

Environment

What are the supported vendors for the CB Event Forwarder connector using Hosted EDR?

Vendor	Output Type	Output Format	Links
IBM Qradar	Syslog	LEEF	https://api.xforce.ibmcloud.com/hub/extensionsNew/d3ab287946035efd54449455f9dca204/QRadar%20Connecto... https://exchange.xforce.ibmcloud.com/hub/extension/carbon_black_bit9
Splunk	Splunk (recommended) S3 Syslog	JSON	http://docs.splunk.com/Documentation/AddOns/released/Bit9CarbonBlack/About http://docs.splunk.com/Documentation/AddOns/latest/AWS/Description
Sumo Logic	S3	JSON	https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/AWS...
LogRhythm	Syslog	LEEF	https://docs.logrhythm.com/docs/devices/syslog-log-sources/syslog-cb-response-leef/configure-cb-resp...
RSA NetWitness	S3	LEEF	https://community.carbonblack.com/message/22386 https://community.rsa.com/docs/DOC-84689

Legacy Rsyslog templates (e.g., CEF) are no longer supported in CB Event Forwarder version 3.x.
ArcSight, which uses Legacy Rsyslog, is no longer supported at this time.