CBC: What are the sizing requirements when the Data Forwarder sends alert information to a SIEM
Article ID: 288262
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What are the sizing requirements when the Data Forwarder sends alert information to a SIEM?
Environment
- CBC Console: All versions.
- Endpoint Standard sensor: All versions.
- EEDR sensor: All versions.
- SIEM: All vendors, all versions.
Resolution
There are no hard numbers in bytes, since the data forwarded is configurable (both for analytics and watchlist alerts).
Details can be found in this documentation: Data Forwarder Fields
Details can be found in this documentation: Data Forwarder Fields
Feedback
Yes
No
Powered by
