Articles in this section

See more

SkyFormation for CB (Carbon Black) Cloud Connector Overview

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

Exabeam supports 3 data sources for VMware CarbonBlack:
  1. Audit Log - via the CarbonBlack cloud connector
  2. CB Defense events (VMware Carbon Black Cloud Endpoint Standard) - via the Custom Application Cloud Connector 
  3. CB ThreatHunter alerts (VMware Carbon Black Cloud Enterprise EDR) - via the Custom Application Cloud Connector - EARLY ACCESS
  

Connector's API/Audit Sources & Events Supported

Audit Source (API) Service/Module Covered Event Included

Event forwarder

(via the custom application connector)

 CB Defense Events (VMware Carbon Black Cloud Endpoint Standard)
  • endpoint.event.apicall
  • endpoint.event.crossproc
  • endpoint.event.filemod
  • endpoint.event.moduleload
  • endpoint.event.netconn
  • endpoint.event.procend
  • endpoint.event.procstart
  • endpoint.event.regmod

Event forwarder

(via the custom application connector)

CB ThreatHunter Alerts - EARLY ACCESS

(VMware Carbon Black Cloud Enterprise EDR)

  • endpoint activity data and alerts

Audit Log Events

(Via the carbon black cloud connector)

  

Audit log notifications. Event example 

  • Log in attempts by users
  • Updates to connectors
  • Creation of connectors


How to add CB Cloud Connector to SkyFormation app

To collect the Audit Log Events, please add the Exabeam Cloud Connector for Carbon Black Defense. See detailed instructions here --> Adding SkyFormation for CB Defense connector

To collect the CB Defense Events , CB ThreatHunter Alerts (Early Access) or both, please see the following guide --> Collecting Carbon Black Defense and Threat Hunter feeds into Exabeam

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.