Graylog Content Pack supporting events from Cb Defense
- Spawns an input on TCP/11000 with appropriate extractors
- Includes a stream matching all Cb Defense events
- Includes a dashboard to summarise Cb Defense notifications
- Enrich with human readable severity?
Utilise the connector from here: https://developer.carbonblack.com/reference/cb-defense/connectors/
A slightly modified cb-defense-syslog.conf.example file exists in this repo; its output template for the Cb Defense Syslog Connector prefixes every log line with "cb_defense|" so that the extractor can match connector output more reliably.
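The following Python snippet is an added illustration of how the "cb_defense|" prefix makes matching straightforward; it is not code from this content pack or from the Cb Defense Syslog Connector. It assumes a constructed key=value body after the prefix (the real template layout is not shown here) and uses made-up sample lines, one of which is an unrelated syslog message that must be left alone.

```python
import re
import shlex

# Constructed sample lines (not real Cb Defense output). The first two carry the
# "cb_defense|" prefix added by the modified output template; the third is an
# unrelated syslog line that the extractor and stream rule must ignore. The
# key=value body after the prefix is an assumption made for this example.
SAMPLE_LINES = [
    'cb_defense|type=THREAT severity=7 deviceName=HOST01 summary="Suspicious process launched"',
    'cb_defense|type=POLICY_ACTION severity=3 deviceName=HOST02 summary="Blocked by policy"',
    '<13>Mar  1 10:00:00 gateway sshd[4242]: Accepted publickey for ops from 10.0.0.5',
]

# Equivalent of the extractor's match condition: anchor on the literal prefix so
# that only connector output is parsed, never arbitrary syslog traffic.
PREFIX_RE = re.compile(r'^cb_defense\|(?P<body>.*)$')


def parse_cb_defense(line):
    """Return a dict of fields for a cb_defense| line, or None for any other line."""
    match = PREFIX_RE.match(line)
    if match is None:
        return None
    fields = {}
    # shlex honours the double quotes around values that contain spaces
    for token in shlex.split(match.group('body')):
        key, sep, value = token.partition('=')
        if not sep:
            continue  # skip bare words that are not key=value pairs
        fields[key] = value
    return fields


def route_to_stream(lines):
    """Mimic the stream rule: keep only events that carried the prefix."""
    events = []
    for line in lines:
        parsed = parse_cb_defense(line)
        if parsed is not None:
            events.append(parsed)
    return events


if __name__ == '__main__':
    for event in route_to_stream(SAMPLE_LINES):
        print(event)
```

Running the snippet prints the two parsed Cb Defense events and drops the sshd line, which is the behaviour the prefix is meant to give the Graylog extractor and stream.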
Refer to the following Salt formula for deploying the connector: https://github.com/colin-stubbs/salt-formula-cb-defense-syslog
The content pack should create a dashboard as below.