Carbon Black

The QRadar® product data source type for Carbon Black collects endpoint protection events from a Carbon Black server.
To integrate Carbon Black with the QRadar product, complete the following steps:
  1. Obtain the API credentials for your Carbon Black instance. For more information, see the Keys and Permissions section of the Carbon Black App for IBM QRadar - Installation & User Guide (https://developer.carbonblack.com/reference/carbon-black-cloud/integrations/qradar/user-guide/#setup-built-in-input).
  2. If the QRadar product does not automatically detect the data source, add a Carbon Black data source to the QRadar product. The following table describes the parameters that require specific values for Carbon Black event collection:
    Table 1. Carbon Black data source parameters
    Parameter Value
    Data source type Carbon Black
    Connector type

    Syslog

For more information about adding a data source in the QRadar product, see Adding ingestion data sources.

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.