Document toolboxDocument toolbox

edr.carbonblack

Owned by Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
5 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 Table structure ] [ 4 How is the data sent to Devo? ]

Introduction

The tags beginning with edr.carbonblack identify events generated by VMware Carbon Black.

Tag structure

The full tag must have 3 levels. The first two are fixed as edr.carbonblack. The third level identifies the type of events sent.

Product / Services

Tags

Data tables

Product / Services

Tags

Data tables

Carbonblack

edr.carbonblack.alert

edr.carbonblack.binary

edr.carbonblack.feed

edr.carbonblack.ingress

edr.carbonblack.watchlist

edr.carbonblack.protect

edr.carbonblack.alert

edr.carbonblack.binary

edr.carbonblack.feed

edr.carbonblack.ingress

edr.carbonblack.watchlist

edr.carbonblack.protect

Table structure

These are the fields displayed in the table:

How is the data sent to Devo?

You can forward logs generated by VMware Carbon Black using any Syslog drain (for example, Syslog-ng) or through Devo Relay.