Carbon Black
The QRadar® product
data source type for Carbon Black collects endpoint protection events from a Carbon Black
server.
To integrate Carbon Black with the QRadar product, complete the following steps:
- Obtain the API credentials for your Carbon Black instance. For more information, see the Keys and Permissions section of the Carbon Black App for IBM QRadar - Installation & User Guide (https://developer.carbonblack.com/reference/carbon-black-cloud/integrations/qradar/user-guide/#setup-built-in-input).
- If the QRadar product does not automatically detect
the data source, add
a Carbon Black data source to the QRadar product. The following table describes
the parameters that require specific values for Carbon Black event collection:
Table 1. Carbon Black data source parameters Parameter Value Data source type Carbon Black Connector type Syslog
For more information about adding a data source in the QRadar product, see Adding ingestion data sources.
If you are an IBM® QRadar user, see Terminology changes for QRadar customers.