Run the following command to install the cbc-syslog connector:
pip install cbc-syslog
Create a .txt file for the connector's log output in any preferred location.
Create an empty backup folder. The location of this folder must be set as back_up_dir in the configuration file (as in the sample config file), for example:
back_up_dir = C:\Users\jdoe\Documents\back_up_dir
Copy the configuration file to any preferred location as "cbc_syslog.conf". An example sample file is available here; modify it to your own specifications.
Navigate to the cbc_syslog package directory under your Python installation:
<Directory on which python was installed>\Python3.x\Lib\site-packages\cbc_syslog
Run the following command to start the Python script, passing the log file with -l and the configuration file with -c (the prompt shows the package directory from the previous step):
<Directory on which python was installed>\Python3.x\Lib\site-packages\cbc_syslog>python cb_defense_syslog.py -l C:\Pip\Logs.txt -c C:\Syslog\cbc_syslog.conf
INFO:__main__:CB Defense Syslog 2.0
INFO:__main__:Number of files in store forward: 0
INFO:__main__:Found 1 Cb Defense Servers in config file
INFO:__main__:Handling notifications for https://api-prod05.conferdeploy.net/
INFO:notifications:Attempting to connect to url: https://api-prod05.conferdeploy.net/
INFO:notifications:<Response [200]>
INFO:notifications:successfully connected, no alerts at this time
INFO:__main__:Sending Notifications
INFO:__main__:There are no messages to forward to host
INFO:__main__:Done Sending Notifications
INFO:__main__:Sending Audit Logs
INFO:__main__:Sending 32 messages to 198.0.2.1:2269
Both an API-level access key (used for audit logs) and a SIEM-level access key (used for notifications) must be configured in the .conf file, and the notification rule in the Carbon Black Cloud console must be associated with the SIEM key; otherwise the connector has nothing to pull.
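Two things in the steps above are easy to get wrong and are not obvious from the connector's log lines: a server section that carries only one of the two key pairs, and an output_type whose matching endpoint key is absent. The following pre-flight check is an added example written for this page, not code from the cbc-syslog project. It assumes the INI layout and key names of the sample cbc_syslog.conf shipped with cbc-syslog 1.x ([general] plus one [cbdefenseN] section per Carbon Black Cloud server, with api_connector_id, api_key, siem_connector_id, siem_key and server_url, and the output types udp, tcp, tcp+tls and http); verify those names against the sample file installed with your version. The embedded configuration and its identifiers are constructed for the example.

```python
"""Pre-flight check for a cbc_syslog.conf before launching cb_defense_syslog.py.

Added example, not part of the cbc-syslog project. Assumes the INI layout and
key names of the sample config shipped with cbc-syslog 1.x; check them against
the sample file that came with your installed version.
"""
import configparser
import os
import sys

# Every server section needs an API-level key pair (audit logs) and a
# SIEM-level key pair (notifications), plus the server URL.
SERVER_KEYS = ("api_connector_id", "api_key", "siem_connector_id", "siem_key", "server_url")
GENERAL_KEYS = ("template", "output_type", "output_format", "back_up_dir")
# Which endpoint key each output_type relies on (assumed from the sample config).
ENDPOINT_FOR = {"tcp": "tcp_out", "tcp+tls": "tcp_out", "udp": "udp_out", "http": "http_out"}

# Constructed sample: cbdefense2 lacks its SIEM key pair, and output is plain TCP.
SAMPLE_CONF = """
[general]
template = {{source}} {{version}}|{{vendor}}|{{product}}|{{dev_version}}|{{signature}}|{{name}}|{{severity}}|{{extension}}
output_type = tcp
output_format = cef
tcp_out = 198.51.100.10:514
back_up_dir = C:\\Users\\jdoe\\Documents\\back_up_dir
policy_action_severity = 4

[cbdefense1]
api_connector_id = ABCDEFGHIJ
api_key = 0123456789ABCDEF0123456789ABCDEF
siem_connector_id = KLMNOPQRST
siem_key = FEDCBA9876543210FEDCBA9876543210
server_url = https://api-prod05.conferdeploy.net/

[cbdefense2]
api_connector_id = UVWXYZABCD
api_key = 00000000000000000000000000000000
server_url = https://defense.conferdeploy.net
"""


def check_config(text, check_fs=False):
    """Return a list of findings (empty when the config passes every check).

    check_fs=True additionally verifies that back_up_dir exists on this host.
    """
    cp = configparser.ConfigParser(interpolation=None)  # template uses {{ }}, keep it literal
    cp.read_string(text)
    findings = []

    if not cp.has_section("general"):
        return ["missing [general] section"]
    gen = cp["general"]
    for key in GENERAL_KEYS:
        if not gen.get(key, "").strip():
            findings.append(f"[general] missing {key}")

    out = gen.get("output_type", "").strip()
    endpoint = ENDPOINT_FOR.get(out)
    if endpoint is None:
        findings.append(f"[general] unknown output_type '{out}'")
    elif not gen.get(endpoint, "").strip():
        findings.append(f"[general] output_type={out} but {endpoint} is not set")
    if out in ("tcp", "udp"):
        # Alerts leave the host unencrypted; tcp+tls is the in-tree alternative.
        findings.append(f"[general] output_type={out} sends alerts in cleartext; prefer tcp+tls")
    if check_fs and not os.path.isdir(gen.get("back_up_dir", "")):
        findings.append("[general] back_up_dir does not exist")

    servers = [s for s in cp.sections() if s != "general"]
    if not servers:
        findings.append("no server section (e.g. [cbdefense1]) found")
    for s in servers:
        for key in SERVER_KEYS:
            if not cp[s].get(key, "").strip():
                findings.append(f"[{s}] missing {key}")
        if not cp[s].get("server_url", "").strip().startswith("https://"):
            findings.append(f"[{s}] server_url must use https")
    return findings


if __name__ == "__main__":
    # Usage: python check_cbc_conf.py C:\Syslog\cbc_syslog.conf
    # With no argument the constructed sample above is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            results = check_config(fh.read(), check_fs=True)
    else:
        results = check_config(SAMPLE_CONF)
    for line in results or ["OK: no findings"]:
        print(line)
```

Run it against the real file before starting cb_defense_syslog.py; an incomplete server section or a missing output target is easier to catch here than by reading the connector's own log lines, and the cleartext finding is a reminder that tcp and udp carry alert contents unencrypted to the syslog receiver.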