What are the Supported Vendors for the Carbon Black Event Forwarder Connector?

What are the Supported Vendors for the Carbon Black Event Forwarder Connector?

search cancel

What are the Supported Vendors for the Carbon Black Event Forwarder Connector?

book

Article ID: 287573

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What are the supported vendors for the CB Event Forwarder connector using EDR?

Environment

EDR Server: All Supported Versions
Carbon Black Event Forwarder: All Supported Versions

Resolution

Vendor	Output Type	Output Format	Links
IBM Qradar	Syslog	LEEF	Qradar Connector Guide
Splunk	Splunk (recommended) S3 Syslog	JSON	Splunk Add-on for Carbon Black Splunk Add-on for Amazon Web Services
Sumo Logic	S3	JSON	Configure an Amazon S3 Source
LogRhythm	Syslog	LEEF	Device Configuration and Mapping Guides
RSA NetWitness	S3	LEEF	NetWitness Configuration Guide

Additional Information

Legacy Rsyslog templates (e.g., CEF) are no longer supported in CB Event Forwarder version 3.x and Higher.
ArcSight, which uses Legacy Rsyslog, is no longer supported at this time.
SUMO output format is supported in CB Event Forwarder version 4.x and later.
The CEF output format is supported in CB Event Forwarder version 4.x and later.
Event Forwarder Guide is here.

Feedback

thumb_up Yes

thumb_down No