The VMware Carbon Black Cloud integration that is supported for SIEM is the Splunk App. The Splunk App allows administrators to bring alerts, events, audit logs, or vulnerability data from Carbon Black Cloud into their Splunk dashboard [1]. The Splunk App also supports Splunk SOAR, which enables automated actions and workflows based on Carbon Black Cloud alerts [2].
The other options are not supported for SIEM integration with Carbon Black Cloud. SolarWinds, LogRhythm, and Datadog are not listed among the 140+ ecosystem partnerships and integrations that Carbon Black Cloud offers [3]. They are also not part of the Next-Gen SOC Alliance, which features Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic integrations with Carbon Black Cloud [1].
References:
VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.6: Integrations
VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 12: Integrations
Integrations and APIs - VMware
Carbon Black Cloud - Cloud SIEM | Sumo Logic Docs
VMware Launches Next-Gen SOC Alliance with Splunk, IBM … - VMware Blogs