EDR: How to create Alerts and logs to Syslog

Article ID: 290336


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • How to create/enable console alerts
  • How to log an alert to syslog

Environment

  • EDR: All Supported Versions
  • Hosted EDR

Resolution

  1. Log in to the EDR console.
  2. Navigate to the Watchlist page or the Threat Intelligence page.
  3. On the Watchlist page: when creating a new watchlist or editing an existing one, select the types of alert to create: Create Alert and/or Log to Syslog. (Detailed information is available in the User Guide.)
  4. On the Threat Intelligence page: click Notifications, and then select the notification types to create: Create Alert and/or Log to Syslog. (Detailed information is available in the User Guide.)

Additional Information

Log to Syslog works only when rsyslog is enabled and configured to send events to the SIEM.
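
The rsyslog prerequisite above can be checked from the server's shell. The following is an added example, not taken from the Carbon Black documentation: it lists the forwarding rules found in rsyslog configuration files so you can confirm a SIEM destination exists. The function names are hypothetical, the sample configuration is constructed, and it assumes an on-premises server where you can read the rsyslog configuration.

```shell
#!/bin/sh
# Added example: list rsyslog forwarding rules to confirm the
# "Log to Syslog" prerequisite. Function names are hypothetical.

# list_forwarders FILE... -> one "proto host[:port]" line per rule found
list_forwarders() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        # Legacy syntax: "<selector> @@host:port" is TCP, "@host:port" is UDP
        match($0, /[ \t]@@?[^ \t@]+/) {
            t = substr($0, RSTART + 1, RLENGTH - 1)
            if (substr(t, 1, 2) == "@@") print "tcp " substr(t, 3)
            else                          print "udp " substr(t, 2)
            next
        }
        # RainerScript syntax written on one line: action(type="omfwd" ...)
        /type="omfwd"/ {
            host = ""; port = ""; proto = "udp"  # omfwd defaults to UDP
            if (match($0, /target="[^"]+"/))   host  = substr($0, RSTART + 8,  RLENGTH - 9)
            if (match($0, /port="[^"]+"/))     port  = substr($0, RSTART + 6,  RLENGTH - 7)
            if (match($0, /protocol="[^"]+"/)) proto = substr($0, RSTART + 10, RLENGTH - 11)
            if (port != "") host = host ":" port
            if (host != "") print proto " " host
        }
    ' "$@"
}

# has_forwarder FILE... -> exit status 0 if at least one rule is active
has_forwarder() {
    [ -n "$(list_forwarders "$@")" ]
}

# Constructed sample configuration (not from a real EDR server)
sample_conf() {
    cat <<'EOF'
# Constructed sample rsyslog configuration
*.* @@siem.example.com:514
#*.* @old-collector.example.com:514
mail.* /var/log/maillog
action(type="omfwd" target="192.0.2.10" port="514")
EOF
}

# Demo on the sample; on a server, pass /etc/rsyslog.conf /etc/rsyslog.d/*.conf
tmp=$(mktemp) && sample_conf > "$tmp"
list_forwarders "$tmp"
rm -f "$tmp"
```

A listed destination only shows that a forwarding rule is active; whether the rule's selector matches the EDR alert messages still has to be confirmed by checking that events arrive at the SIEM.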