Carbon Black Smart Connector
Not sure what happened over the years but if feels like the ArcSight smart connector support is severly lagging. I am not sure why flex connectors are used so much, back in the original days <) would tell you DO NOT make flex connectors unless they had no roadmap to smart connector support for that product. It was my understanding that they do not properly do categorization & priortization etc....; and that properly parseing the alerts into correlation normalized events would not work in the long run.
My problem is that technologies like Carbon Black Response, Defense, and now Proection do not have smart connectors at all. In fact the documentation here still has Bit9 listed which is not even a product anymore (2016) (Cb Protection).
Am I missing something is the new model to just do flex connectors for new / updated technology?
Carbon Black Security Platform is under the CEF Certified Solutions. You just need to send the logs in CEF format on Carbon Black.
Please use the Like button below, if you find this post useful or mark it as an accepted solution if it resolves your issue.