https://github.com/indeedsecurity/carbonbeat
event shipper for Carbon Black Defense notifications
beats carbonblack libbeat security
- Host: GitHub
- URL: https://github.com/indeedsecurity/carbonbeat
- Owner: indeedsecurity
- License: apache-2.0
- Created: 2018-04-20T19:44:08.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2023-02-25T00:34:55.000Z (over 3 years ago)
- Last Synced: 2024-06-19T02:05:50.713Z (about 2 years ago)
- Topics: beats, carbonblack, libbeat, security
- Language: Go
- Homepage:
- Size: 179 KB
- Stars: 10
- Watchers: 5
- Forks: 6
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# Carbonbeat
Carbonbeat currently supports shipping notifications from the Carbon Black Defense notifications API.
## Getting Started with Carbonbeat
You'll need to provide your API credentials in `carbonbeat.yml`. The CB Defense notifications API requires a `SIEM` type API key.
As of carbonbeat 2.0, you need to provide both a `SIEM` type key for CB Defense notifications and an `API` type key for audit logging.
Like any other beat, customize `carbonbeat.full.yml` to your liking, rename it to `carbonbeat.yml`, and you're ready to go.
You can customize the outputs per the [beats outputs documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-output.html).
A multistage Dockerfile is included. The image does not contain the config, so you need to mount it when you run the container.
## Output example
Carbonbeat ships events in JSON format to its outputs. Here is an example of an event indexed into Elasticsearch and displayed by Kibana:
