Carbon Black Cloud Data Forwarder
Overview
The VMware Carbon Black Cloud platform provides SOC teams with visibility into a high volume of endpoint event context, which is critical for detection and incident response use cases. The Data Forwarder delivers that valuable endpoint event data to an AWS S3 bucket, ready for consumption by third-party solutions, such as XDR platforms, SIEMs, and Data Lake tools.
Requirements
- Carbon Black Cloud Endpoint Standard or Enterprise EDR
- Configured S3 bucket in the same region as the tenant organization from which you’ll forward data.
  - It is possible to work around this requirement using S3 Cross-Region Replication (CRR).
Quick Links
- User Guide
- Quick Setup & S3 Bucket Configuration
- Add KMS Encryption to your S3 Bucket
- Data Forwarder API Documentation
- Carbon Black Postman Workspace
- Data Forwarder Schema
- Getting Started with Custom Query Filters
- Data Forwarder and Splunk Configuration
Use Cases
Check out top use cases for the Forwarder and useful queries for filtering your data.
Support and Resources
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
- Report bugs and change requests to Carbon Black Support.
- View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.
Last modified on November 28, 2022