Advanced Filtering for the Carbon Black Cloud Data Forwarder
Posted on November 8, 2021
Advanced Event Filtering with Custom Queries
Advanced Filters are now available for the VMware Carbon Black Cloud Data Forwarder. With this update you can reduce the volume
of data delivered to downstream tools by specifying precisely which events are
needed for your use case.
The Carbon Black Cloud Data Forwarder is a reliable, scalable mechanism for Carbon Black Cloud customers to access
event and alert data in near-real time within other tools and workflows without having to perform one-off API calls.
It delivers valuable endpoint event data to an AWS S3 bucket ready for consumption by third-party solutions, such as
XDR platforms, SIEMs, and Data Lake tools.
- Reduce data storage costs by filtering out unwanted endpoint events
- Target specific use cases with customized filters
- Filter out noisy, known-good datasets
- Eliminate makeshift filtering mechanisms in downstream tools by applying filters directly within Carbon Black Cloud
Increased Filter Flexibility
- Filter on nearly all endpoint event fields
- Leverage Investigate- and Watchlist-style Lucene queries to further define Forwarder filters and output
- Ensure queries are accurate and valid with syntax highlighting and detailed error messages
Enhanced Ease of Use
- Filters can be given unique names for easier management and organization
- Multiple forwarders with unique filters can be created to fulfill specific use cases or multiple destinations
- Filters can either include or exclude events for maximum flexibility
Refreshed In-console User Experience
- Streamlined user experience in-console to simplify Data Forwarder configuration and management
- Apply basic filters with a few clicks or customize with Lucene queries