Event Forwarder Filtering Now Available
Posted on September 23, 2020
Carbon Black Cloud customers using the Event Forwarder now have additional capabilities to filter endpoint.event data delivered to their designated S3 bucket.
Users of the Data Forwarder can now filter data by:
- Event_origin
- Type
- Alert_id
- Sensor_action
These filters are available with the .59 release.
(Advanced filtration was made available later)
What is the Data Forwarder?
The Carbon Black Cloud Data Forwarder enables users to extract data from our console to be used in external dashboards and tools alongside other security data. The recently added Event Forwarder filters enable users to extract a more targeted dataset to be exported and integrated into other systems and tools.
In future releases, look for more advanced filtration, LiveQuery forwarding and alternative destinations.
Getting Started
For more information about setting up and configuring the Data Forwarder in your environment, please visit the resources below:
- Configuration Guide which has step by step instructions to configure the Destination / Provider. The options available are:
- AWS S3 Bucket
- Azure Blob Storage, released in January 2024.