You can use Syslog features for notification and data intelligence sharing. Directing Carbon Black EDR alerts to Syslog files enables a variety of integration options for numerous platforms.
The specific fields vary depending on the watchlist parameters selected when the watchlist was created. See “Advanced Search Queries” in the VMware Carbon Black EDR User Guide for the fields to use when creating queries, and “Watchlists” in the same guide for information about watchlists.