Overview
Blumira’s modern SIEM platform integrates with VMware Carbon Black App Control (formerly CB Protection) to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected on an endpoint.
When configured, the Blumira integration with VMware Carbon Black App Control will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Additionally, ensure that the CBP (App Control) server can send syslog traffic to your Blumira sensor on port 514 (TCP/UDP).
Configuring Carbon Black App Control
- Log in to the App Control Console and navigate to System Configuration > Events > Edit.
- In the External Event Logging window, click the check box next to Syslog Enabled.
- Enter the relevant details for the Syslog application:
  - In Syslog Address, enter the IP address of your Blumira sensor.
  - In Syslog Port, enter 514.
  - Set the Syslog Format to RFC5424.
- Click Update and review the changes.
- Click Yes to apply the changes.
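To confirm the network path before relying on App Control events, the following added example (not Blumira or VMware code) sends one constructed RFC 5424 test message to the sensor on port 514 over both UDP and TCP. It assumes Python 3 on a host that shares the App Control server's network path; the hostname `cbac-test` and app name `connectivity-check` are made-up labels.

```python
import socket
import sys
from datetime import datetime, timezone

SYSLOG_PORT = 514  # port entered in App Control's Syslog Port field


def build_rfc5424(msg, hostname="cbac-test", app="connectivity-check",
                  facility=1, severity=6):
    """Build one RFC 5424 line: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    pri = facility * 8 + severity  # user.info -> 14
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}".encode("utf-8")


def send_udp(host, payload, port=SYSLOG_PORT):
    """Send one datagram. UDP gives no delivery confirmation, so a
    successful send only proves the local stack accepted the packet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def send_tcp(host, payload, port=SYSLOG_PORT, timeout=5.0):
    """Send one newline-terminated message. A completed connect shows the
    port is reachable; OSError means it was refused, filtered or timed out."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload + b"\n")
    return True


def check_sensor(host, port=SYSLOG_PORT):
    """Try both transports and report what happened for each."""
    payload = build_rfc5424("syslog connectivity test (constructed message)")
    result = {"udp_bytes_sent": send_udp(host, payload, port)}
    try:
        result["tcp_ok"] = send_tcp(host, payload, port)
    except OSError as exc:
        result["tcp_ok"] = False
        result["tcp_error"] = str(exc)
    return result


if __name__ == "__main__":
    # Usage: python3 check_sensor.py <sensor IP copied from Settings > Sensors>
    print(check_sensor(sys.argv[1]))
```

Because the UDP result cannot confirm delivery, check that the test message actually arrived in Blumira before treating the UDP path as working.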