Configure your Data Forwarder with filters to limit the amount of event data that is forwarded to QRadar.
You can create the Data Forwarder in the Carbon Black Cloud console or by using the API.
See:
Note:
- The same forwarder cannot be used for both Alerts and Events. Create a separate forwarder for each data type to forward.
- If you use the Data Forwarder to ingest alert data, do not enable any of the built-in alert types under Settings > Data. Otherwise, you will get duplicate alerts in QRadar.
- For an Alert Data Forwarder, select v2 schema.
