
VMware Carbon Black Endpoint Protection

Blumira’s modern SIEM platform integrates with VMware Carbon Black’s Endpoint Protection to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.

When configured, the Blumira integration with VMware Carbon Black’s Endpoint Protection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.

Required Blumira Module: Logger

Configuring Carbon Black Protection Logging

Carbon Black Protection (CBP) offers several methods for log and event collection. Blumira currently recommends the syslog method of collection, and may add API collection in the future for additional coverage of the environment.

Before starting this configuration, make sure you have the IP address of the Blumira Sensor you intend to send the data to, and that the Blumira Sensor is running the latest version of the Logger module. Additionally, the CBP server must be able to reach your Blumira Sensor on syslog port 514 (TCP or UDP).

Syslog Setup for VMware Carbon Black Protection

  1. Log in to the CB Protection console with Administrator or Power User privileges.
  2. On the CB Protection Console menu, click the gear icon and select System Configuration.
  3. On the System Configuration page, click the Events tab.
  4. At the bottom of the page, click Edit to open the External Event Logging panel.
  5. Set the event logging parameters as follows:
    1. Select Syslog Enabled.
    2. In Syslog Address, enter the IP address of your Blumira Sensor.
    3. In Syslog Port, enter 514.
    4. Set the Syslog Format to RFC5424.
  6. Click Update and select Yes in the confirmation dialog box.
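The steps above rely on two things you cannot confirm from the console alone: that the CBP server can actually reach the Sensor on port 514, and that what arrives is in the RFC 5424 framing selected in step 5. The following Python script is an added example, not code from Blumira or VMware; it builds an RFC 5424 test message, validates it with a minimal header parser (so you can see what the format selection in step 5 changes on the wire), and optionally sends it to a Sensor IP over UDP or TCP. The hostname `cbp-server`, the app-name `syslog-check` and the sample message text are constructed placeholders and do not represent actual CB Protection event content.

```python
"""Build, validate and optionally send an RFC 5424 syslog test message.

Added example for checking the syslog path to a Blumira Sensor; it is not
Blumira's or VMware's code. Sample values are constructed.
"""
import re
import socket
import sys
from datetime import datetime, timezone

# Constructed sample line in RFC 5424 framing:
#   <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
SAMPLE_RFC5424 = ("<14>1 2024-01-15T10:30:00.000Z cbp-server CBProtection - - - "
                  "Constructed test event")
# Constructed legacy BSD-style (RFC 3164) line: no version field, text timestamp.
# A collector configured for RFC 5424 will not parse this header correctly.
SAMPLE_RFC3164 = "<14>Jan 15 10:30:00 cbp-server CBProtection: Constructed test event"

# Minimal RFC 5424 header matcher. STRUCTURED-DATA is either "-" or one or more
# [...] elements; escaped "]" inside SD params is not handled by this regex.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<msg>.*))?$"
)


def parse_rfc5424(line):
    """Return the header fields of an RFC 5424 line, or None if it is not one."""
    m = RFC5424_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity; 23 * 8 + 7 is the maximum
        return None
    fields = m.groupdict()
    fields["facility"] = pri // 8
    fields["severity"] = pri % 8
    return fields


def build_test_message(hostname, text, facility=1, severity=6):
    """Build an RFC 5424 line (default facility user, severity informational)."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # PROCID, MSGID and STRUCTURED-DATA are all nil ("-") in this test message.
    return f"<{pri}>1 {ts} {hostname} syslog-check - - - {text}"


def send_test_message(sensor_ip, message, port=514, proto="udp"):
    """Send one syslog line to the Sensor. Raises on TCP connect failure."""
    data = (message + "\n").encode()
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (sensor_ip, port))
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(5)
            s.connect((sensor_ip, port))
            s.sendall(data)


if __name__ == "__main__":
    # Usage: python syslog_check.py <sensor-ip> [udp|tcp]
    if len(sys.argv) < 2:
        sys.exit("usage: syslog_check.py <sensor-ip> [udp|tcp]")
    target, proto = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else "udp")
    msg = build_test_message(socket.gethostname(), "Blumira syslog path check")
    assert parse_rfc5424(msg) is not None, "built message is not RFC 5424"
    send_test_message(target, msg, proto=proto)
    print(f"sent via {proto} to {target}:514 -> {msg}")
```

Run it from the CBP server (or any host on the same network path) with the Sensor IP as the argument; UDP sends silently even when nothing is listening, so use `tcp` when you want a connection failure to surface as an error. If the test line never shows up on the Sensor while the console configuration matches the steps above, the problem is the network path (a firewall or routing issue between the CBP server and the Sensor), not the console settings.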