Ship alerts from VMware Carbon Black to your Cloud SIEM.


Configure VMware Carbon Black to send logs to an S3 Bucket

Follow the guidelines provided by VMware Carbon Black to forward logs to an S3 bucket.

Configure to read VMware Carbon Black logs from an S3 Bucket

Required permissions:

  • A user with permissions to list the buckets on the relevant S3 Bucket.
  • Permission to Get from all the paths under the bucket name.
  • If you run into issues, please reference our guide for troubleshooting S3 user permissions.

In your account, use the S3 Bucket wizard to configure to read the logs from your S3 Bucket.

Check for your logs

Give your logs some time to get from your system to ours, and then open Kibana and search for type: carbon_black.

If you still don’t see your logs, see log shipping troubleshooting.