Bit9 Security Platform
Use the JSA DSM for Carbon Black Bit9 Security Platform to collect events from Carbon Black Bit9 Parity devices.
The following table identifies the specifications for the Bit9 Security Platform DSM:
Specification |
Value |
---|---|
Manufacturer |
Carbon Black |
DSM name |
Bit9 Security Platform |
RPM file name |
DSM-Bit9Parity-build_number.noarch.rpm |
Supported versions |
V6.0.2 and up |
Event format |
Syslog |
Supported event types |
All events |
Automatically discovered? |
Yes |
Included identity? |
Yes |
More information |
Bit9 website (http://www.bit9.com) |
To integrate Bit9 Security Platform with JSA, complete the following steps:
If automatic updates are not enabled, download the most recent version of the Bit9 Security Platform DSM RPM.
Configure your Bit9 Security Platform device to enable communication with JSA. You must create a syslog destination and forwarding policy on the Bit9 Security Platform device.
If JSA does not automatically detect Bit9 Security Platform as a log source, create a Bit9 Security Platform log source on the JSA Console. Use the following Bit9 Security Platform values to configure the log source parameters:
Parameter
Value
Log Source Identifier
The IP address or host name of the Bit9 Security Platform device
Log Source Type
Bit9 Security Platform
Protocol Configuration
Syslog
Configuring Carbon Black Bit9 Security Platform to Communicate with JSA
Configure your Bit9 Security Platform device to forward events to JSA in LEEF format.
Log in to the Bit9 Security Platform console with Administrator or PowerUser privileges.
From the navigation menu, select Administration > System Configuration.
Click Server Status and click Edit.
In the Syslog address field, type the IP address of your JSA Console or Event Collector.
From the Syslog format list, select LEEF (Q1Labs).
Select the Syslog enabled check box and click Update.