Event Forwarder 3.8.4 is now generally available for all on-prem VMware Carbon Black EDR customers as a containerized distribution and as a standard RPM distribution. Containerized Event Forwarder 3.8.4 is compatible with containerized Carbon Black EDR Server (7.7.0+).

Features

The service employs a more efficient compression engine.

Bug Fixes

A fix for an issue that affects previous 3.8.x versions, in which compressed bundles of raw sensor events could fail to forward, even when the forwarding of those raw sensor event types is enabled. The service now correctly processes and forwards bundled, compressed event data.

Installation

General Event Forwarder information and installation instructions can be found here: https://github.com/carbonblack/cb-event-forwarder.

Installing Containerized Event Forwarder 3.8.4

See Install Containerized Event Forwarder for instructions on how to install containerized Event Forwarder and connect it to containerized Carbon Black EDR Server.Containerized Event Forwarder uses the following configuration values:

Installing RPM-based Event Forwarder 3.8.4

The standard, RPM-based distribution of Event Forwarder 3.8.4 can be downloaded from https://github.com/carbonblack/cb-event-forwarder/releases/tag/v3.8.4.The RPM can be found in the CbOpensource.repo file.

The VMware Carbon Black EDR Team