Re: Carbon Black - Technology Integrations
When it comes to importing logs for web services that rely on APIs, I've found a few ways to collect the logs. Your first option is to try to develop a plug-in to support native calls from a VLC to the API service. I've found this is a bear to configure, but if you're comfortable with Python and not afraid to poke around in a VLC, it can be done. This also gives you the option of creating a transform file to edit the data coming in to support any format or syntax you would like. This solution has a high degree of flexibility, but is also incredibly complex. Since this is a supported methodology from RSA, it also has the benefit of being configurable via the SA GUI once you have successfully configured the poll.

Another option is to stand up a middleware server to host the API calls, write the logs to a flat file on that host, and then use something like SNARE Epilog to pick up the flat file, wrap it in syslog, and feed it into your existing logging topology.

If you have a VLC in a DMZ, you could also host the calls to the API service on that VLC, write the logs to a file, then use the file reader service on the VLC to ingest the logs. This is the quickest, easiest method to ingest logs via the API, but unlike using the plug-in to structure the call, you must build and manage all the logic via CLI.
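The middleware and "poll on the VLC, write to a file" options above both come down to the same piece of glue: a poller that pulls pages of events from an API, remembers where it left off, and appends one event per line to a flat file that Epilog or the file reader can tail. The script below is an added example of that glue, not RSA, NetWitness or Carbon Black code. The endpoint shape (`/events?since=<ts>&page=<n>`), the `X-Auth-Token` header, and the event fields `id`, `timestamp`, `hostname` and `process` are assumptions, and the sample events are constructed; the offline `demo()` swaps the HTTP fetcher for a fake that serves those sample events. The two things it handles that a quick CLI loop usually forgets are duplicate suppression when several events share the checkpoint timestamp, and escaping newlines so one event never becomes two syslog messages.

```python
"""Hypothetical API-to-flat-file poller for a syslog forwarder to tail (example code)."""
import json
import os
import tempfile
import urllib.request
from typing import Callable

Fetch = Callable[[str, int], dict]   # (since_timestamp, page_number) -> one API page


def http_fetch_factory(base_url: str, api_key: str) -> Fetch:
    """Real network fetcher. Assumes (hypothetically) a JSON API that takes
    `since` and `page` query parameters and returns {"results": [...], "next": bool}."""
    def fetch(since: str, page: int) -> dict:
        url = f"{base_url}/events?since={since}&page={page}"
        req = urllib.request.Request(url, headers={"X-Auth-Token": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def load_checkpoint(path: str) -> dict:
    """Checkpoint = newest timestamp written plus every event id seen at that timestamp."""
    if os.path.exists(path):
        with open(path) as f:
            return json.load(f)
    return {"ts": "1970-01-01T00:00:00Z", "ids": []}


def save_checkpoint(path: str, cp: dict) -> None:
    tmp = path + ".tmp"                  # write-then-rename so a crash cannot leave a torn file
    with open(tmp, "w") as f:
        json.dump(cp, f)
    os.replace(tmp, path)


def to_line(event: dict) -> str:
    """Flatten one event to a single key="value" line; escape \\, newline and quotes
    so the forwarder never splits one event into two syslog messages."""
    parts = []
    for k in sorted(event):
        v = str(event[k]).replace("\\", "\\\\").replace("\n", "\\n").replace('"', '\\"')
        parts.append(f'{k}="{v}"')
    return " ".join(parts)


def poll_once(fetch: Fetch, checkpoint_path: str, out_path: str) -> int:
    """One polling cycle: append new events to out_path, advance the checkpoint.
    Returns the number of events written. Events are written before the checkpoint
    is saved, so a crash in between yields a duplicate rather than a gap."""
    cp = load_checkpoint(checkpoint_path)
    newest = {"ts": cp["ts"], "ids": list(cp["ids"])}
    written, page = 0, 0
    with open(out_path, "a") as out:
        while True:
            body = fetch(cp["ts"], page)
            for ev in body.get("results", []):
                ts = ev["timestamp"]
                if ts < cp["ts"] or (ts == cp["ts"] and ev["id"] in cp["ids"]):
                    continue             # already ingested on an earlier cycle
                out.write(to_line(ev) + "\n")
                written += 1
                if ts > newest["ts"]:
                    newest = {"ts": ts, "ids": [ev["id"]]}
                elif ts == newest["ts"]:
                    newest["ids"].append(ev["id"])
            if not body.get("next"):
                break
            page += 1
    if newest != cp:
        save_checkpoint(checkpoint_path, newest)
    return written


# Constructed sample events (not real sensor data), sorted by timestamp as the API would return them.
SAMPLE_EVENTS = [
    {"id": "a1", "timestamp": "2024-05-01T10:00:00Z", "hostname": "ws01", "process": "cmd.exe"},
    {"id": "a2", "timestamp": "2024-05-01T10:00:00Z", "hostname": "ws02", "process": "powershell.exe"},
    {"id": "a3", "timestamp": "2024-05-01T10:00:05Z", "hostname": "ws01", "process": "whoami.exe\n /all"},
]


def fake_fetch_factory(events: list, page_size: int = 2) -> Fetch:
    """Offline stand-in for http_fetch_factory: pages over the in-memory list,
    returning events at or after `since` (inclusive, as many APIs do)."""
    def fetch(since: str, page: int) -> dict:
        cand = [e for e in events if e["timestamp"] >= since]
        start = page * page_size
        return {"results": cand[start:start + page_size], "next": start + page_size < len(cand)}
    return fetch


def demo() -> tuple:
    """Three cycles: initial backfill, an idle cycle, then one new event that shares
    the checkpoint timestamp. Returns (written1, written2, written3, output lines)."""
    workdir = tempfile.mkdtemp()
    cp, out = os.path.join(workdir, "cb.state"), os.path.join(workdir, "cb_events.log")
    events = list(SAMPLE_EVENTS)
    fetch = fake_fetch_factory(events)
    first = poll_once(fetch, cp, out)
    second = poll_once(fetch, cp, out)
    events.append({"id": "a4", "timestamp": "2024-05-01T10:00:05Z", "hostname": "ws03", "process": "net.exe"})
    third = poll_once(fetch, cp, out)
    with open(out) as f:
        lines = f.read().splitlines()
    return first, second, third, lines


if __name__ == "__main__":
    print(demo())
```

Run it from cron or a systemd timer on the middleware host (or the DMZ VLC), point Epilog or the file reader at `cb_events.log`, and rotate that file with the usual tools; the checkpoint file is what keeps a restart from replaying the whole API history.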