The Threat Intelligence Feeds page in the Carbon Black EDR console includes an EMET Protection feed. This feed is disabled by default.
You can enable this feed to include EMET event reports together with the other reports that are received on the Carbon Black EDR server. When the EMET Protection is enabled, you can enable the following:
-
Carbon Black EDR console alerts based on EMET events
-
Delivery of an email alert when an EMET event occurs
-
Inclusion of EMET events in the syslog output from the Carbon Black EDR server
For instructions on enabling a feed and configuring its alert and syslog features, see “Threat Intelligence Feeds” in the Carbon Black EDR User Guide.
The Carbon Black EDR server receives EMET events regardless of whether the EMET Protection feed is enabled. EMET event collection can be disabled per-sensor group from the Group Settings page in the Carbon Black EDR console.
