Carbon Black Cloud Syslog Connector
The Syslog Connector lets administrators forward alert notifications and audit logs from their Carbon Black Cloud instance to local, on-premise systems, and:
- Generates pipe-delimited syslog messages with alert metadata identified by the streaming prevention system
- Aggregates data from one or more Carbon Black Cloud organizations into a single syslog stream
- Can be configured to use UDP, TCP, or encrypted (TCP over TLS) syslog protocols
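As an added illustration of the three capabilities listed above (pipe-delimited alert messages, a single stream fed from several organizations, and a UDP/TCP/TLS transport choice), the following Python script is example code written for this page, not the connector's own source. The alert field names, the field order, and the sample alert are assumptions constructed for the example; the real connector's message layout is defined by its configuration and is not reproduced here. The transport code uses only the standard library, and the TLS path verifies the receiver's certificate rather than disabling verification.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample alert. The keys are assumptions for this example,
# not the connector's actual alert schema.
SAMPLE_ALERT = {
    "org_key": "ORGKEY1",
    "alert_id": "00000000-0000-0000-0000-000000000001",
    "severity": 7,
    "device_name": "WORKSTATION-01",
    "reason": "Process attempted to modify | protected memory",
    "create_time": "2024-01-15T10:30:00Z",
}

# Fixed field order so every consumer parses the same columns (assumed layout).
FIELDS = ("org_key", "alert_id", "severity", "device_name", "reason", "create_time")


def escape_field(value):
    """Escape the delimiter so a value containing '|' cannot split into extra fields.

    A free-text field such as a reason string may contain the delimiter; without
    escaping, a downstream parser would mis-align every column that follows it.
    """
    text = str(value)
    return text.replace("\\", "\\\\").replace("|", "\\|")


def format_alert(alert, fields=FIELDS):
    """Render one alert dict as a pipe-delimited record in the fixed field order."""
    return "|".join(escape_field(alert.get(name, "")) for name in fields)


def format_alerts(alerts_by_org):
    """Aggregate alerts from several organizations into one ordered list of records.

    `alerts_by_org` maps an org key to a list of alert dicts; records are emitted
    oldest first so a single syslog stream stays chronological across orgs.
    """
    merged = [dict(alert, org_key=org) for org, alerts in alerts_by_org.items() for alert in alerts]
    merged.sort(key=lambda a: a.get("create_time", ""))
    return [format_alert(a) for a in merged]


def syslog_priority(facility=1, severity=6):
    """PRI value as defined in RFC 5424 section 6.2.1: facility * 8 + severity."""
    return facility * 8 + severity


def frame_message(body, hostname="cbc-connector", app_name="cbc-syslog",
                  facility=1, severity=6, timestamp=None):
    """Prefix the body with an RFC 5424 header (version 1, no structured data)."""
    if timestamp is None:
        timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    header = f"<{syslog_priority(facility, severity)}>1 {timestamp} {hostname} {app_name} - - -"
    return f"{header} {body}"


def octet_frame(message):
    """Octet-counting framing (RFC 6587) so a stream receiver can split messages."""
    data = message.encode("utf-8")
    return f"{len(data)} ".encode("ascii") + data


def send_syslog(message, host, port, transport="udp", cafile=None):
    """Deliver one message over udp, tcp, or tls.

    For tls, the server certificate is verified against `cafile` (or the system
    trust store when cafile is None) and the hostname is checked.
    """
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(message.encode("utf-8"), (host, port))
        return
    if transport not in ("tcp", "tls"):
        raise ValueError(f"unknown transport {transport!r}")
    framed = octet_frame(message)
    with socket.create_connection((host, port), timeout=10) as sock:
        if transport == "tls":
            ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                tls_sock.sendall(framed)
        else:
            sock.sendall(framed)


if __name__ == "__main__":
    # Build and print one framed record without sending it anywhere.
    record = format_alert(SAMPLE_ALERT)
    print(frame_message(record, severity=4))
```

The escaping step is the part worth keeping even if the field list changes: a single unescaped pipe inside a free-text field silently shifts every later column for any SIEM parser that splits on the delimiter.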
Requirements
- Endpoint Standard or Enterprise EDR
The Data Forwarder is the recommended export method for reliable, guaranteed delivery of Carbon Black Cloud alerts. It works at scale for customers and MSSPs of any size by writing compressed JSON Lines (jsonl) content to an S3 bucket. The Data Forwarder can be configured in the Carbon Black Cloud console under Settings > Data Forwarder or by using the Data Forwarder API.
Alternatively, the Alerts API can be used. Further detail is in the Alert Bulk Export Guide.
Installation
Helpful Links
How to Automate
The syslog connector can be automated on all platforms. Select your operating system for more information.