Mappings: CarbonBlack Defense Non-Threat Audit Events
| Input | Value |
|---|---|
| Vendor | CarbonBlack |
| Product | Defense |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Carbon Black |
| Product | Defense |
| Record Type | Endpoint |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| description | shortDescription | |
| device_hostname | deviceDetails.deviceHostName | |
| device_ip | deviceDetails.deviceIpAddress | |
| device_uniqueId | deviceDetails.deviceId | |
| file_basename | selectedApp.applicationName | |
| file_hash_md5 | selectedApp.md5Hash | |
| file_hash_sha256 | selectedApp.sha256Hash | |
| file_path | selectedApp.applicationPath | |
| normalizedSeverity | alertScore | This is a lookup field. More info to come in the catalog later... |
| severity | alertScore | |
| threat_identifier | incidentId | |
| user_username | deviceDetails.deviceOwner |