CB Response: How to enable the Event Forwarder to send all events

CB Response: How to enable the Event Forwarder to send all events

search cancel

CB Response: How to enable the Event Forwarder to send all events

book

Article ID: 285745

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To enable the Event Forwarder to send all event data.

Environment

CB Response: 6.x
CB Event Forwarder

Resolution

Edit /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf
Add:

EnableRawSensorDataBroadcast=true

Restart the CB Response services

Additional Information

This will notably increase the amount of data sent over the event forwarder.
It's recommended to enable only specific information to start, then add more event types to confirm the SIEM can handle the ingest of data.

Feedback

thumb_up Yes

thumb_down No