Ship alerts from VMware Carbon Black to your Logz.io Cloud SIEM.

Configuration

Configure VMware Carbon Black to send logs to an S3 Bucket

Follow the guidelines provided by VMware Carbon Black to forward logs to an S3 bucket.

Configure Logz.io to read VMware Carbon Black logs from an S3 Bucket

Required permissions:

  • A user with permissions to list the buckets on the relevant S3 Bucket.
  • Permission to Get from all the paths under the bucket name.
  • If you run into issues, please reference our guide for troubleshooting S3 user permissions.

In your Logz.io account, use the Logz.io S3 Bucket wizard to configure Logz.io to read the logs from your S3 Bucket.

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open Kibana and search for type: carbon_black.

If you still don’t see your logs, see log shipping troubleshooting.