7th October 2022

How to Send Logs from Carbon Black EDR to a Splunk SIEM?

This post walks through configuring the Event Forwarder on Carbon Black EDR (formerly Carbon Black Response) so that its event stream is sent to a Splunk SIEM over syslog. First, the Event Forwarder add-on (cb-event-forwarder) must be installed on the Carbon Black EDR master server. Then open the “Event Forwarder” tab in the Carbon Black EDR console, as shown below.

Event Forwarder

In the “Output” section, set “Type” to “Syslog”. In “Syslog destination”, enter the transport, IP address and port of the SIEM's syslog input in the form protocol:IP:port, for example “udp:192.168.10.11:514” (also shown in the screenshot). Set “Format” to “JSON”, then click “Save” at the top. The forwarder only picks up the new output after a restart: click “Stop service” on the right, then “Start service”. Finally, confirm on the Splunk side that events are actually arriving rather than assuming they are.

Two caveats worth keeping in mind. Splunk must already have a UDP (or TCP) data input listening on the port you entered; otherwise the forwarder starts cleanly but nothing is indexed. And plain UDP syslog is neither reliable nor encrypted: a dropped datagram is lost silently, and the JSON events (hostnames, usernames, command lines) cross the network in cleartext, so prefer TCP or TLS-wrapped syslog where your forwarder version and Splunk input support it, or at least keep the path on a trusted management network.

Syslog
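To make the last step concrete, here is an added example of how to verify that a syslog/JSON event reaches a UDP destination given in the same protocol:IP:port form the post uses. It is written for this page and is not code from the original post or from the cb-event-forwarder project. It assumes Python 3.9 or newer, a constructed sample event whose field names are only illustrative of a JSON process event, and a local listener on an OS-chosen high port so no privileges are needed (binding the real port 514 would require them).

```python
"""Loopback check for JSON-over-UDP-syslog delivery (added example, constructed data)."""
import json
import re
import socket

# Largest payload one IPv4 UDP datagram can carry (65535 minus IP and UDP
# headers). A bigger event cannot be sent in a single datagram.
MAX_UDP_PAYLOAD = 65507

# Same shape as the UI field: udp:192.168.10.11:514 (hostname or IPv4, no IPv6).
DESTINATION_RE = re.compile(r"^(udp|tcp):([^:\s]+):(\d{1,5})$")


def parse_destination(destination: str) -> tuple[str, str, int]:
    """Split 'udp:192.168.10.11:514' into ('udp', '192.168.10.11', 514)."""
    match = DESTINATION_RE.match(destination.strip())
    if not match:
        raise ValueError(f"destination must look like udp:HOST:PORT, got {destination!r}")
    proto, host, port = match.group(1), match.group(2), int(match.group(3))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return proto, host, port


def build_syslog_line(event: dict, pri: int = 14) -> bytes:
    """Frame a JSON event as a syslog message with an RFC 3164 <PRI> header.

    14 = facility user (1*8) + severity informational (6). The JSON body is
    serialised compactly so it stays on one line.
    """
    data = (f"<{pri}>" + json.dumps(event, separators=(",", ":"))).encode("utf-8")
    if len(data) > MAX_UDP_PAYLOAD:
        raise ValueError(f"event is {len(data)} bytes; too large for one UDP datagram")
    return data


def parse_syslog_json(datagram: bytes) -> dict:
    """Recover the JSON object from a received syslog datagram.

    Tolerates an optional <PRI> header and any timestamp/hostname prefix a
    relay may have added by starting at the first '{'.
    """
    text = datagram.decode("utf-8", errors="replace")
    start = text.find("{")
    if start == -1:
        raise ValueError("datagram carries no JSON object")
    event = json.loads(text[start:])
    if not isinstance(event, dict):
        raise ValueError("JSON payload is not an object")
    return event


def send_syslog_udp(destination: str, event: dict) -> int:
    """Send one JSON event to a udp:HOST:PORT destination; returns bytes sent."""
    proto, host, port = parse_destination(destination)
    if proto != "udp":
        raise ValueError("this helper only speaks UDP; TCP needs a stream socket and newline framing")
    data = build_syslog_line(event)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(data, (host, port))


def loopback_roundtrip(event: dict, port: int = 0, timeout: float = 5.0) -> dict:
    """Bind a local UDP listener, send the event to it, and parse what arrives.

    port=0 lets the OS pick a free high port. Raises socket.timeout if the
    datagram never shows up, which is the failure you are trying to detect.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", port))
        listener.settimeout(timeout)
        bound_port = listener.getsockname()[1]
        send_syslog_udp(f"udp:127.0.0.1:{bound_port}", event)
        datagram, _peer = listener.recvfrom(65535)
        return parse_syslog_json(datagram)


# Constructed sample shaped like a JSON process-start event; every value is
# made up for this example and not taken from any real sensor.
SAMPLE_EVENT = {
    "type": "ingress.event.procstart",
    "timestamp": 1665129600,
    "sensor_id": 42,
    "computer_name": "WKSTN-01",
    "path": "c:\\windows\\system32\\cmd.exe",
    "command_line": "cmd.exe /c whoami",
}


if __name__ == "__main__":
    print(parse_destination("udp:192.168.10.11:514"))
    received = loopback_roundtrip(SAMPLE_EVENT)
    print("received", received["type"], "from", received["computer_name"])
```

Against a real deployment, run a throwaway listener (or tcpdump on the destination port) on the Splunk host and point send_syslog_udp at the destination string from the UI; if the datagram arrives there but nothing appears in Splunk, the problem is the Splunk data input, not the forwarder.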
