Integrating with VMware Carbon Black Endpoint Protection

Carbon Black Protection (CBP) has a number of methods for log and event collection.  At this point, Blumira recommends the syslog method of collection, but may include API collection in the future for additional coverage into the environments.

Prior to starting this configuration, ensure that you have the IP to the Blumira Sensor you intend to send the data to and that the Blumira Sensor has the latest version of the Logger module.  Additionally, the CBP server must be able to send SYSLOG 514 TCP/UDP to your Blumira Sensor.

Syslog Setup for VMware Carbon Black Protection

1. Log in to the CB Protection console with Administrator or Power User privileges.
2. On the CB Protection Console menu, click the gear icon and select System Configuration.
3. On the System Configuration page, click the Events tab.
4. At the bottom of the page, click Edit to open the External Event Logging panel.
5. Set the event logging parameters as below:
   1. Select Syslog Enabled.
   2. In Syslog Address, enter the IP address of your Blumira Sensor.
   3. In Syslog Port, enter 514.
   4. Set the Syslog Format to RFC5424.
6. Click Update and select Yes in the confirmation dialog box.