Hosted EDR: What are the Supported Vendors for the CB Event Forwarder Connector?
Article ID: 287573
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What are the supported vendors for the CB Event Forwarder connector using Hosted EDR?
Environment
Hosted EDR: All Versions
CB Event Forwarder: Version 3.x and Below
Resolution
| Vendor | Output Type | Output Format | Links |
|---|---|---|---|
| IBM QRadar | Syslog | LEEF | https://api.xforce.ibmcloud.com/hub/extensionsNew/d3ab287946035efd54449455f9dca204/QRadar%20Connector%20Guide.pdf |
| | | | https://exchange.xforce.ibmcloud.com/hub/extension/carbon_black_bit9 |
| Splunk | Splunk (recommended), S3, Syslog | JSON | http://docs.splunk.com/Documentation/AddOns/released/Bit9CarbonBlack/About |
| | | | http://docs.splunk.com/Documentation/AddOns/latest/AWS/Description |
| Sumo Logic | S3 | JSON | https://help.sumologic.com/Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/AWS_S3_Source |
| LogRhythm | Syslog | LEEF | https://docs.logrhythm.com/docs/devices/syslog-log-sources/syslog-cb-response-leef/configure-cb-response-leef |
| RSA NetWitness | S3 | LEEF | https://community.carbonblack.com/message/22386 |
| | | | https://community.rsa.com/docs/DOC-84689 |
Additional Information
Legacy Rsyslog templates (e.g., CEF) are no longer supported in CB Event Forwarder version 3.x.
ArcSight, which uses Legacy Rsyslog, is no longer supported at this time.