Does Panther support importing alerts produced by CarbonBlack within Panther as log events?
QUESTION
Does Panther support natively importing alerts produced by CarbonBlack within Panther as log events?
ANSWER
Panther supports the following methods of ingesting logs from Carbon Black:
- Carbon Black Audit Logs API: Panther can fetch Carbon Black audit logs by directly querying the the Carbon Black API.
- Carbon Black Data Streaming: Panther can ingest Carbon Black data regarding alerts, endpoint events, and watchlist hits using Carbon Black's data streaming feature via AWS S3.
For more information, see the Carbon Black Logs documentation.