19th March 2024

How to Send Logs to Splunk SIEM via Carbon Black EDR?

This post walks through configuring Carbon Black Response (Carbon Black EDR) to forward its logs to a Splunk SIEM. First, the "Event Forwarder" module must be installed on the Carbon Black master server. Then click the "Event Forwarder" tab in the Carbon Black EDR console, as shown below.

Figure: Event Forwarder tab

Next, in the "Output" section, select "Syslog" under "Type". In the "Syslog destination" field, enter the protocol, IP address and port of the SIEM server, for example "udp:192.168.10.11:514"; the screenshot shows an example. Under "Format", select "JSON". Click the "Save" button at the top. Then click "Stop service" on the right, followed by "Start service", so that the forwarder restarts with the new settings. Finally, check on the SIEM side whether the logs are arriving.

Figure: Syslog output settings
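To verify the last step (that the JSON syslog messages actually reach the SIEM's destination port), here is an added example that is not part of the original post or of Carbon Black's own tooling: a small Python UDP listener that accepts datagrams on the port configured above and parses each syslog line into its JSON event, rejecting anything malformed. The sample line and its event field names are constructed assumptions, not a documented schema.

```python
import json
import re
import socket
from typing import List, Optional

# Constructed sample of one datagram as the forwarder sends it in Syslog/JSON mode:
# an RFC 3164-style header followed by the JSON event. The event field names are
# illustrative assumptions, not a documented Carbon Black schema.
SAMPLE_LINE = (
    '<14>Mar 19 10:15:02 cbserver cb-event-forwarder: '
    '{"type": "ingress.event.procstart", "computer_name": "WS01", '
    '"process_guid": "00000001-0000-1234-01da-7a3b4c5d6e7f", '
    '"path": "c:\\\\windows\\\\system32\\\\cmd.exe", "timestamp": 1710843302}'
)

SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<header>.*?)(?P<body>\{.*\})\s*$", re.DOTALL)
REQUIRED_FIELDS = ("type", "timestamp")


def parse_forwarder_line(line: str) -> Optional[dict]:
    """Return the JSON event carried by one syslog line, or None if it is malformed."""
    match = SYSLOG_RE.match(line)
    if match is None:
        return None
    try:
        event = json.loads(match.group("body"))
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or any(k not in event for k in REQUIRED_FIELDS):
        return None
    # Decode facility/severity from PRI; underscore-prefixed to avoid colliding with event fields.
    pri = int(match.group("pri"))
    event["_facility"] = pri >> 3
    event["_severity"] = pri & 7
    return event


def receive_events(bind_addr: str = "0.0.0.0", port: int = 514, max_events: int = 5) -> List[dict]:
    """Listen on the UDP port given as syslog destination and parse what arrives.
    Port 514 needs root; use a high port (and change the forwarder's destination) otherwise."""
    events: List[dict] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(events) < max_events:
            datagram, sender = sock.recvfrom(65535)  # plaintext UDP, as in the post's example
            event = parse_forwarder_line(datagram.decode("utf-8", errors="replace"))
            if event is None:
                print(f"unparseable datagram from {sender[0]}")
                continue
            events.append(event)
    return events
```

Run `receive_events(port=5514)` on the SIEM host with the forwarder's destination set to that port to confirm delivery end to end; if nothing arrives, check the forwarder service state and any firewall between the two hosts.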
