Carbon Black Protection¶
RFC 5424 Format¶
Key facts¶
- MSG Format based filter
- Legacy BSD Format default port 514
Links¶
| Ref | Link |
|---|---|
| Splunk Add-on | none |
Sourcetypes¶
| sourcetype | notes |
|---|---|
| vmware:cb:protect | Common sourcetype |
Source¶
| source | notes |
|---|---|
| carbonblack:protection:cef | Note this method of onboarding is not recommended for a more complete experience utilize the json format supported by he product with hec or s3 |
Index Configuration¶
| key | source | index | notes |
|---|---|---|---|
| vmware_cb-protect | carbonblack:protection:cef | epintel | none |
Legacy CEF Format¶
Key facts¶
- MSG Format based filter
- Legacy BSD Format default port 514
Links¶
| Ref | Link |
|---|---|
| Splunk Add-on | none |
Sourcetypes¶
| sourcetype | notes |
|---|---|
| cef | Common sourcetype |
Source¶
| source | notes |
|---|---|
| carbonblack:protection:cef | Note this method of onboarding is not recommended for a more complete experience utilize the json format supported by he product with hec or s3 |
Index Configuration¶
| key | source | index | notes |
|---|---|---|---|
| Carbon Black_Protection | carbonblack:protection:cef | epintel | none |