12/31/2023 0 Comments Splunk qradarCan the VMware Carbon Black Cloud Splunk App ingest only the Alerts and not the event data or the audit information?.This approach supports ingesting the enriched events associated with CB Analytics Alerts through an Alert Action. The alternative is to use the built-in inputs packaged with the VMware Carbon Black Cloud App or Input Add-on, which leverages the Carbon Black Cloud REST APIs. This approach is required to ingest Endpoint Event data. The Forwarder is the recommended approach for ingesting Alerts and Endpoint Events into Splunk due to its reliability, scale, and low latency.Is it a requirement to use the data forwarder?.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |