How to Configure cb-defense-syslog.conf for Syslog Connector


Article ID: 285013


Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

How to configure the cb-defense-syslog.conf file used by the Carbon Black Cloud Syslog Connector

Environment

  • Carbon Black Cloud Web Console: All Versions
    • Endpoint Standard: All Versions
    • Enterprise EDR: All Versions
  • CBC Syslog Connector: All Versions

Resolution

  • Review the GitHub documentation located HERE.
  • For a sample configuration file, please click HERE.

Additional Information

  • The Syslog Connector requires the use of an API Access Level API Key.
  • If using multiple CBC Instances for this SIEM, you can configure additional servers with their connector_id, api_key, and server_url at the bottom of the config file. An example is included by default.
  • The only supported LEEF output version is 2.0; version 1.0 is not supported.
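
A pre-flight check for the multi-instance layout described above, as an added example rather than code from the connector project: it verifies that each server entry carries connector_id, api_key and server_url, uses https, and does not reuse another entry's API key. Parsing the file as INI is an assumption, and the section names, the `example_setting` key and all values are constructed placeholders.

```python
import configparser
from urllib.parse import urlparse

REQUIRED = ("connector_id", "api_key", "server_url")  # key names given in the article

# Constructed sample: section names, example_setting and every value are placeholders.
SAMPLE_CONF = """
[general]
example_setting = placeholder

[tenant_a]
connector_id = EXAMPLEID01
api_key = EXAMPLEKEY0000000000001
server_url = https://cbc-a.example.invalid

[tenant_b]
connector_id = EXAMPLEID02
server_url = http://cbc-b.example.invalid

[tenant_c]
connector_id = EXAMPLEID03
api_key = EXAMPLEKEY0000000000001
server_url = https://cbc-c.example.invalid
"""

def check_servers(conf_text):
    """Return {section: [problems]} for each section that holds server settings."""
    # interpolation=None so a '%' inside an API key is read literally.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings, first_use = {}, {}
    for name in cp.sections():
        sec = cp[name]
        if not any(k in sec for k in REQUIRED):
            continue  # not a server entry (e.g. general settings)
        vals = {k: sec.get(k, "").strip() for k in REQUIRED}
        problems = [f"missing {k}" for k in REQUIRED if not vals[k]]
        if vals["server_url"] and urlparse(vals["server_url"]).scheme != "https":
            problems.append("server_url is not https")  # key would travel in clear text
        key = vals["api_key"]
        if key and key in first_use:
            problems.append(f"api_key duplicates [{first_use[key]}]")  # likely copy-paste
        elif key:
            first_use[key] = name
        findings[name] = problems
    return findings

if __name__ == "__main__":
    for section, problems in check_servers(SAMPLE_CONF).items():
        print(section, "OK" if not problems else "; ".join(problems))
```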