Data Forwarder Schema
This document describes the available data schemas that the data forwarder can forward today and the fields each schema contains.
If you have not created a Data Forwarder see the Data Forwarder Configuration API Documentation or check out the Carbon Black Cloud User Guide - Settings - Data Forwarders for how to create one in the Carbon Black Cloud console.
For setting up the AWS S3 bucket, bucket policy, bucket encryption and more check out the Integrations > Data Forwarder page.
Basic data types such as “int” and “string” map directly to the corresponding JSON data types. Additional data types are described below:
- Base64 - JSON string containing base64 encoded binary data.
- Ipaddr - JSON string containing canonically formatted IPv4 or IPv6 address.
- Datetime - JSON string containing ISO 8601 date/time format. If no time zone is included, UTC is assumed. All timestamps emitted by the Data Forwarder are sent in ISO 8601 format.
- String enum - JSON string containing the stringified version of the enum from the relevant protobuf field, with the common prefix stripped off. For example, “BLOCK”.
- String enum bitmask - Same as above, but for bitmask input fields, add OR " | " markers between each set bit. For example, for a CbFileAction of 0x300 would be “OPEN_READ | OPEN_WRITE”.
|alert 2.0.0||July, 2023|
|endpoint.event 1.0.0||December, 2019|
|watchlist.hit 1.0.0||December, 2021|
|Schema||Deprecated Date||Targeted Deactivation Date|
|alert 1.0.0||July, 2023||July 31, 2024|
Use this form to give us feedback about this site or any of the documentation.
Last modified on September 21, 2023