AlienVault® USM Anywhere™

Collecting Logs from Carbon Black

Role availability: Read-Only, Analyst, Manager

Carbon Black is a recognized leader in next-generation endpoint security, and its CB Endpoint Security Platform includes these products:

  • CB Response (incident response and threat hunting)
  • CB Protection (application control)
  • CB Defense (next-generation antivirus)

To fully integrate USM Anywhere with your Carbon Black implementation, configure your Carbon Black applications to send syslog log data to USM Anywhere so that it can collect and normalize the raw Carbon Black log data. (Syslog is the industry-standard message logging protocol used on many devices and platforms; normalization is the translation of log entries received from disparate types of monitored assets into the standardized framework of USM Anywhere event types and sub-types.) The combination of the log data processed by the Carbon Black plugins and the configuration of the AlienApp for Carbon Black to connect to the CB Response API provides the full scope of data analysis and response within USM Anywhere.

USM Anywhere includes plugins for the CB Response, CB Protection, and CB Defense products. These plugins provide data normalization and analysis for the log data. You must configure each of your Carbon Black products to send log data to a USM Anywhere Sensor using syslog. (Sensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data; that data is normalized and then securely forwarded to USM Anywhere for analysis and correlation.) When this configuration is in place for CB Protection or CB Response, you must also manually enable the plugin in USM Anywhere for the affected assets.