This method of data ingestion uses Carbon Black Cloud REST APIs to pull data into QRadar.
Supported data and features:
- Alerts
- Audit Logs
- View Device Information
- Right-click Actions
Requirements:
Custom Type API Key and ID (for all data inputs and right-click actions)
See also Authentication.
- Pros
- Available out of the box without having to configure an AWS S3 bucket
- Cons
- Container Memory Limit - A combination of high bursts of alerts for extended periods and low physical memory on the app container can cause memory overload. Memory is limited to 10% of the system’s physical memory. This can cause delays in alert and general data processing. If you experience such symptoms, consider using the Data Forwarder input.
