Document toolboxDocument toolbox

edr.carbonblack

Owned by Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
1 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ]

Introduction

The tags beginning with edr.carbonblack identify events generated by VMware Carbon Black.

Tag structure

The full tag must have 3 levels. The first two are fixed as edr.carbonblack. The third level identifies the type of events sent.

Technology

Brand

Type

Technology

Brand

Type

edr

carbonblack

  • alert

  • binary

  • feed

  • ingress

  • watchlist

Therefore, the valid tags and tables include:

  • edr.carbonblack.alert

  • edr.carbonblack.binary

  • edr.carbonblack.feed

  • edr.carbonblack.ingress

  • edr.carbonblack.watchlist

How is the data sent to Devo?

You can forward logs generated by VMware Carbon Black using any Syslog drain (for example, Syslog-ng) or through Devo Relay.