Blumira’s modern SIEM platform integrates with VMware Carbon Black’s Endpoint Protection to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.
When configured, the Blumira integration with VMware Carbon Black’s Endpoint Protection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Required Blumira Module: Logger
Carbon Black Protection (CBP) has a number of methods for log and event collection. At this point, Blumira recommends the syslog method of collection, but may include API collection in the future for additional coverage into the environments.
Prior to starting this configuration, ensure that you have the IP to the Blumira Sensor you intend to send the data to and that the Blumira Sensor has the latest version of the Logger module. Additionally, the CBP server must be able to send SYSLOG 514 TCP/UDP to your Blumira Sensor.