Cb Defense: What is the IP Address used by Cb Defense for inbound SIEM Connector connections?

Cb Defense: What is the IP Address used by Cb Defense for inbound SIEM Connector connections?

search cancel

Cb Defense: What is the IP Address used by Cb Defense for inbound SIEM Connector connections?

book

Article ID: 287815

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What IP Addresses need to be whitelisted for the inbound connections to the Cb Defense SIEM Connector?

Environment

Cb Defense SIEM Connector: All Versions

Resolution

The URL that needs to be whitelisted is the same API URL that is configured in the cb-defense-syslog.conf file, under the server_url line.

Additional Information

The API URL's can be found here: https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-API-URLs/ta-p/3732
If you must whitelist on an IP address and cannot use a URL instead, you can run as nslookup on the URL for your backend. Please note, the IP addresses are subject to change without any notice.

Feedback

thumb_up Yes

thumb_down No