
Announcing the Azure Destination for the Carbon Black Cloud Data Forwarder

Posted on January 17, 2024

Azure Blob Storage can now be configured as the destination on the Data Forwarder for Alerts and Watchlist Hits.

Use the Azure destination for Carbon Black Cloud Data Forwarder to:

  • Comply with your organization’s SaaS cloud provider restrictions that prevent you from adopting AWS
  • Take advantage of all the Azure cloud-native integration possibilities
  • Keep your data directly alongside your Azure-native applications
  • Reduce your data transfer and infrastructure costs by no longer having to stage your Carbon Black Cloud data in AWS S3 and then build AWS-to-Azure data transfer infrastructure

What’s changed?

Specific changes to Carbon Black Cloud Data Forwarder:

  • New Destination options:
    • In the Carbon Black Cloud console this is a new Provider choice of Azure Blob Storage, in addition to AWS S3
    • In the Data Forwarder Config API there is a new field destination which can be set to azure_blob_storage or aws_s3
  • New input fields for Azure-specific configuration:
    • In the console, after selecting Azure Blob Storage as the provider, fields to enter Tenant ID, Client ID, Storage account and Container name are displayed and are required
    • In the Data Forwarder Config API when the destination is set to azure_blob_storage the fields azure_tenant_id, azure_client_id, azure_storage_account and azure_container_name are required to configure that destination.
    • In the Data Forwarder Config API, the destination defaults to AWS S3. If it is not provided in the request then the original fields s3_bucket_name and s3_prefix are required. This enabled the addition of Azure configuration fields in a non-breaking way.
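The field rules above can be checked locally before a forwarder configuration is submitted. The following is an added example, not Carbon Black code: check_forwarder_config and the sample payload are hypothetical, the field names are the ones listed above, and the GUID and naming checks reflect Azure's own rules rather than anything this announcement states.

```python
import re

# Required fields per destination, as listed in the announcement.
REQUIRED = {
    "aws_s3": ("s3_bucket_name", "s3_prefix"),
    "azure_blob_storage": ("azure_tenant_id", "azure_client_id",
                           "azure_storage_account", "azure_container_name"),
}
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Azure naming rules: storage account is 3-24 lowercase letters/digits;
# container is 3-63 chars of lowercase letters, digits and single hyphens.
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")
CONTAINER_RE = re.compile(r"(?=.{3,63}$)[a-z0-9]+(-[a-z0-9]+)*")

# Constructed sample payload; every value is a placeholder.
SAMPLE_AZURE = {
    "destination": "azure_blob_storage",
    "azure_tenant_id": "11111111-2222-3333-4444-555555555555",
    "azure_client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "azure_storage_account": "examplecbcalerts",
    "azure_container_name": "cbc-alerts",
}


def check_forwarder_config(cfg):
    """Return a list of problems; an empty list means no problem was found."""
    dest = cfg.get("destination", "aws_s3")  # omitted destination means AWS S3
    if dest not in REQUIRED:
        return [f"unknown destination: {dest!r}"]
    problems = [f"missing required field: {f}"
                for f in REQUIRED[dest] if not cfg.get(f)]
    # Local policy (assumption, not an API rule): fields for the other
    # provider suggest a copy-paste error, so flag them for review.
    for other, fields in REQUIRED.items():
        if other != dest:
            problems += [f"unexpected {other} field: {f}"
                         for f in fields if f in cfg]
    if dest == "azure_blob_storage":
        for f in ("azure_tenant_id", "azure_client_id"):
            if cfg.get(f) and not GUID_RE.fullmatch(cfg[f]):
                problems.append(f"{f} is not a GUID")
        acct = cfg.get("azure_storage_account")
        cont = cfg.get("azure_container_name")
        if acct and not ACCOUNT_RE.fullmatch(acct):
            problems.append("azure_storage_account violates Azure naming rules")
        if cont and not CONTAINER_RE.fullmatch(cont):
            problems.append("azure_container_name violates Azure naming rules")
    return problems
```

Running a check like this in change review catches a payload that names one provider while still carrying the other provider's fields, before alert data is forwarded to a destination nobody intended.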

Which forwarder types are supported?

Carbon Black Cloud customers can forward the following data types to an Azure or AWS S3 destination:

  • Alert
  • Watchlist Hit
  • Coming Soon: Auth Events!

At this time, Endpoint Events can only be forwarded to an AWS S3 destination. Alternatives are on the roadmap for 2024.

What about Integrations?

Stay tuned! Information will be added in the next release for each of Splunk (v2.0.0), IBM QRadar (v2.3.0) and ServiceNow (v3.0).

More Information

Have questions or feedback?

  • Subscribe to the Developer Network Newsletter