CB Defense: Can the information sent to SIEMs be configured or modified?
Article ID: 287543
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Can the information that is sent to the SIEMs be configured?
For example: adding the Threat Category information from the CBD web console to the feed of information sent to the SIEM.
Environment
CB Defense Web Console: All Versions
CB Defense SIEM Connector: All Versions
Resolution
At this time, the only configuration allowed for the SIEM output is which types of events are sent, which is set in the Notification settings. It is not possible to modify what information is sent inside those events.
Additional Information
There is an open feature request in Idea Central to add this capability to the product: https://community.carbonblack.com/t5/Idea-Central/More-Complete-Logging-of-Events-to-SIEM-through-Connector/idi-p/64730