Event Forwarder Filtering Now Available

Posted on September 23, 2020


Carbon Black Cloud customers using the Event Forwarder now have additional capabilities to filter endpoint.event data delivered to their designated S3 bucket.

Users of the Event Forwarder can now filter data by:

  • Event_origin
  • Type
  • Alert_id
  • Sensor_action

These filters are available with the .59 release.

What is the Event Forwarder?

The Carbon Black Cloud Event Forwarder enables users to extract data from our console to be used in external dashboards and tools alongside other security data. The recently added Event Forwarder filters enable users to extract a more targeted dataset to be exported and integrated into other systems and tools.

In future releases, look for more advanced filtering, LiveQuery forwarding, and alternative destinations.

Getting Started

For more information about setting up and configuring the Event Forwarder in your environment, please visit the resources below:

Watch the video tutorial or follow the step-by-step guide for enabling the Carbon Black Cloud Event Forwarder using Postman. The guide walks you through the following:

  1. Create a bucket in your AWS Management Console
  2. Configure an AWS S3 Bucket to allow the Event Forwarder to write events
  3. Create New Access Level in the Carbon Black Cloud Console
  4. Create New API Key in the Carbon Black Cloud Console
  5. Configure the API in Postman
  6. Create a New Event or Alert Forwarder
  7. Monitor the Data Flow to the S3 Bucket