Endpoint Standard: Events not forwarding properly to Azure server
Article ID: 290266
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Alerts and Notifications forward properly, but events do not
- API and SIEM integrations have been configured
Environment
- Carbon Black Cloud Console: All Versions
- Azure Sentinel with Azure Function
Cause
- Events cannot be pulled from SIEM integrations. Events can only be ingested from S3 integrations.
- Microsoft has not designed its integration to pull events through the proper channels.
Resolution
This connector is developed and owned by Microsoft. Open a case with Microsoft support to adjust the connector.