Use the Vulnerability Inputs tab to configure inputs to pull vulnerabilities using the Carbon Black Cloud APIs.
The Vulnerability input uses the CBC Vulnerability Data.
| Setting | Description |
|---|---|
| Name | Used to distinguish between inputs. |
| Active | A checkbox enables or disables the input. |
| Minimum Risk | The minimum risk level that will be pulled from the API. |
| Query | The Carbon Black Cloud-compatible query to limit the vulnerability results. The same syntax is used by the Search bar at the top of the Carbon Black Cloud console Vulnerabilities tab. Example: CVE-2021. |
| API Token | The API Key from the API Token Configuration tab to use for the API authorization. For required permissions, see API Data Inputs. |
| Proxy | The proxy configuration, if needed. |
| Index | The Splunk Index in which to store the data.
Note: This value must match value of the
VMware Base Index on the
VMware Base Configuration tab.
|
| Interval | The frequency (in seconds) that the API should poll for data. Range: 60-86400. Default: 300. |
