Skip to main content
Skip table of contents

Carbon Black Cloud Beat Collection

This document explains how to initialize Carbon Black Cloud Beat using cloud-to-cloud collection after configuration. It is primarily focused on the alert log to be pulled from the Carbon Black Cloud console. This feature is available only to LRCloud customers.

Prerequisites

Before initializing Carbon Black Cloud Beat, do the following:

  • Make sure that the customer is an LRCloud customer and has their environment hosted.
  • Check if Open Collector has been installed in the customer's LRCloud environment on a separate instance. If not, an Open Collector instance must be requested via a support case.
  • Ensure that the Open Collector log source has been accepted.
  • Check if you have the Carbon Black Cloud console hostname. You should have received the hostname when you purchased the Carbon Black Cloud platform.

  • Make sure that you have the Carbon Black Cloud console API Credentials and Organization key. If you do not have the required details, follow the instructions in Configure API Access on Carbon Black Cloud Console.
  • Ensure that you have a sensor installed in one of your machines to sync the alerts on the Carbon Black Cloud console. This sensor can be installed using the Sensor option provided under Endpoints in the Carbon Black Cloud console.

Apply the Log Source Virtualization Template  

  1. Log in to the Client Console in Cameyo.
  2. Click Deployment Manager from the toolbar.
  3. Click the Log Sources tab.
  4. Double-click the required Open Collector Log Source (such as, {instance}-opencollector.c.e3-hub-753dd405.internal Open Collector).
    The Log Message Source Properties window appears.
  5. Click the Log Source Virtualization tab. 
  6. If not checked, select the Enable Virtualization check box. 
  7. Click Create Virtual Log Sources.
    The Create Virtual Log Sources dialog box appears. 
  8. In the Virtual Log Sources menu, check the Action check box corresponding to "Syslog - Open Collector - Carbon Black Cloud" and "Syslog - Open Collector - CarbonBlackBeat Heartbeat" log source types.
  9. Click  Save.
    The Virtual Log Source(s) created prompt appears.
  10. Click Ok.
  11. Click Apply. 
  12. Click Ok.
    The new Log Sources will appear in the grid as children of your parent log source.
  13. Click the System Monitors tab. 
  14. Select the Action check box corresponding to the (customerid)-dpawc agent. 
  15. Right-click the selection, click Actions and then click Service Restart. 

Initialize the Beat 

  1. Log in to the Web Console as a Restricted Administrator User.
  2. On the top navigation bar, click the Administration icon 
     and select Cloud Log Collection.
  3. At the top of the Cloud Log Collection page, click New Log Source.
    The New cloud log collection dialog box appears.
  4. Select the CarbonBlack Beat - Open Collector tile. 
    The Add CarbonBlack Beat Log Source window appears.
  5. Enter the following details:

    Setting

    Description

    NameEnter the name for this log source.
    Description (Optional)Enter a description for this log source.
    HostnameCarbonBlack cloud console hostname. Do not use "https://" from the original hostname.
    API IDEnter the Carbon Black Cloud Platform API ID (for example, 12345678).
    Secret KeyEnter the Carbon Black Cloud Platform API Secret Key (for example, ABCDEFGHIJKLMNOPQRSTUVWX).
    Org Key

    Enter the Carbon Black Cloud Platform Organization Key (for example, 1ABCD33E).

  6. Click Save.

  7. Log in to the Client Console in Cameyo.
  8. Click Deployment Manager from the toolbar.
  9. Click the System Monitors tab. 
  10. Select the Action check box corresponding to the dpwac agent.
  11. Right-click the selection, click Actions and then click Service Restart.

A new log source is created with the provided information based on the virtualized log source that was already created. Collection should start automatically in few minutes.

The Open Collector hosts the log sources. It is recommended to create a new host entity and move the log source to the new host which is done in the log source properties screen and not from the log source grid.

For security, the values entered are encrypted using LRCrypt.

Default Config Values for the Carbon Black Cloud Beat

Setting

Field Name

Default Values

1heartbeatinterval60s
2heartbeatdisabledfalse
3period

2s

4numbackdaysData

7

Number of back days must be a non-negative number.

Only 180 days of backlog data is supported. Therefore, the range for this value is 1-180 days.

5limit

1000

Supported limit range is 100-1000.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.