Carbon Black Bit9 Parity
To collect events, you must configure your Carbon Black Bit9 Parity device to forward syslog events in Log Event Extended Format (LEEF).
- Log in to the Carbon Black Bit9 Parity console with Administrator or PowerUser privileges.
- From the navigation menu on the left side of the console,
select Administration >System Configuration.
The System Configuration window is displayed.
- Click Server Status.
The Server Status window is displayed.
- Click Edit.
- In the Syslog address field, type the IP address of your JSA console or Event Collector.
- From the Syslog format list, select LEEF (Q1Labs).
- Select the Syslog enabled check box.
- Click Update.
The configuration is complete. The log source is added to JSA as Carbon Black Bit9 Parity events are automatically discovered. Events that are forwarded to JSA by Carbon Black Bit9 Parity are displayed on the Log Activity tab of JSA.
Configuring a Log Source For Carbon Black Bit9 Parity
JSA automatically discovers and creates a log source for syslog events from Carbon Black Bit9 Parity.
The following configuration steps are optional.
- Log in to JSA.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- In the Log Source Name field, type a name for your log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select Bit9 Security Platform.
- Using the Protocol Configuration list, select Syslog.
- Configure the following values:
Table 1: Syslog Parameters
Log Source Identifier
Type the IP address or host name for the log source as an identifier for events from your Carbon Black Bit9 Parity device.
- Click Save.
- On the Admin tab, click Deploy Changes.
The configuration is complete.