Carbon Black Cloud is a cloud-native endpoint protection platform (EPP) that provides what you need to secure your endpoints using a single, lightweight agent and an easy-to-use console.

Integrate Carbon Black Cloud with Datadog to gain insights into Alerts, Audit Logs, Auth Events, Endpoint Events and Watchlist Hits using pre-built dashboard visualizations. Additionally, integration includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.

• Please refer the Use AWS S3 guide.

Refer to the Datadog Forwarder documentation for detailed configuration guidance.

• During the Datadog Forwarder configuration, set the source as follows:
  • For CloudFormation deployments, set DdSource to carbon-black-cloud.
  • For Terraform deployments, set dd_source to carbon-black-cloud.
  • For Manual deployments, set the DD_SOURCE environment variable to carbon-black-cloud.

1. Login to Carbon Black Cloud console as a Super Admin privileges.
2. On the left navigation pane, click Settings > Data Forwarders.
3. Click Add Forwarder.
4. Enter a unique name for the Data Forwarder.
5. Select a Type from the dropdown list.
6. Select an AWS S3 option from the provider dropdown list.
7. Enter the S3 bucket name you have created on AWS.
8. Enter any S3 prefix of your choice.
9. Set the forwarder status to On.
10. To apply the changes, click Save.

The Carbon Black Cloud integration collects Alert, Audit log, Auth event, Endpoint event, and Watchlist hit logs.

The Carbon Black Cloud integration does not include any metrics.

The Carbon Black Cloud integration does not include any events.

For any further assistance, contact Datadog support.