Carbon Black Protection

RFC 5424 Format

Key facts

  • MSG Format based filter
  • Legacy BSD Format default port 514

| Ref | Link |
|---|---|
| Splunk Add-on | none |

Sourcetypes

| sourcetype | notes |
|---|---|
| vmware:cb:protect | Common sourcetype |

Source

| source | notes |
|---|---|
| carbonblack:protection:cef | Note: this method of onboarding is not recommended. For a more complete experience, use the JSON format supported by the product with HEC or S3. |

Index Configuration

| key | source | index | notes |
|---|---|---|---|
| vmware_cb-protect | carbonblack:protection:cef | epintel | none |

Legacy CEF Format

Key facts

  • MSG Format based filter
  • Legacy BSD Format default port 514

| Ref | Link |
|---|---|
| Splunk Add-on | none |

Sourcetypes

| sourcetype | notes |
|---|---|
| cef | Common sourcetype |

Source

| source | notes |
|---|---|
| carbonblack:protection:cef | Note: this method of onboarding is not recommended. For a more complete experience, use the JSON format supported by the product with HEC or S3. |

Index Configuration

| key | source | index | notes |
|---|---|---|---|
| Carbon Black_Protection | carbonblack:protection:cef | epintel | none |