CB Defense: Can the information sent to SIEMs be configured or modified?


Article ID: 287543


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Can the information that is sent to the SIEMs be configured?
  • For example: Add the Threat Category information from the CBD web console to the feed of information sent to the SIEM

Environment

  • CB Defense Web Console: All Versions
  • CB Defense SIEM Connector: All Versions

Resolution

At this time, the only configuration available for the SIEM output is which types of events are sent; this is set in the Notification settings. It is not possible to modify the information sent inside those events.

Additional Information

There is an open feature request in Idea Central to add this capability to the product: https://community.carbonblack.com/t5/Idea-Central/More-Complete-Logging-of-Events-to-SIEM-through-Connector/idi-p/64730