If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
Exabeam supports 3 data sources for VMware CarbonBlack:
- Audit Log - via the CarbonBlack cloud connector
- CB Defense events (VMware Carbon Black Cloud Endpoint Standard) - via the Custom Application Cloud Connector
- CB ThreatHunter alerts (VMware Carbon Black Cloud Enterprise EDR) - via the Custom Application Cloud Connector - EARLY ACCESS
Connector's API/Audit Sources & Events Supported
Audit Source (API) | Service/Module Covered | Event Included |
---|---|---|
Event forwarder (via the custom application connector) |
CB Defense Events (VMware Carbon Black Cloud Endpoint Standard) |
|
Event forwarder (via the custom application connector) |
CB ThreatHunter Alerts - EARLY ACCESS (VMware Carbon Black Cloud Enterprise EDR) |
|
(Via the carbon black cloud connector) |
Audit log notifications. Event example
|
How to add CB Cloud Connector to SkyFormation app
To collect the Audit Log Events, please add the Exabeam Cloud Connector for Carbon Black Defense. See detailed instructions here --> Adding SkyFormation for CB Defense connector
To collect the CB Defense Events , CB ThreatHunter Alerts (Early Access) or both, please see the following guide --> Collecting Carbon Black Defense and Threat Hunter feeds into Exabeam
Comments
0 comments
Please sign in to leave a comment.