Carbon Black Defense

Content Pack

Graylog Content Pack supporting events received via a Cb Defense Syslog Connector

colin-stubbs

free!

Download from Github View on Github 0 0

Published

13 Dec 19:38

Last Push

29 Dec 17:47

Marketplace Rating

No rating yet

Discussion

0 Comments

Readme from Github

Carbon Black Defense Graylog Content Pack

Graylog Content Pack supporting events from Cb Defense

Spawns input on TCP/11000 with appropriate extractors Includes stream matching all Cb Defense events Includes dashboard to summarise Cb Defense notifications

TODO

Enrich with human readable severity?

Cb Defense Syslog Connector

Utilise the connector from here: https://developer.carbonblack.com/reference/cb-defense/connectors/

Cb Defense Syslog Connector Config

A slightly modified cb-defense-syslog.conf.example file exists in this repo; this has an updated output template for the Cb Defense Syslog Connector which prefixes logs with "cb_defense|" in order to provide easier matching for application of the extractor.

Salt Stack Based Deployment

Refer to the following formula: https://github.com/colin-stubbs/salt-formula-cb-defense-syslog

Published

Last Push

Marketplace Rating

Discussion

Your Rating

Comments