Syslog - VMware Carbon Black App Control
Device Details
Device Name | VMware Carbon Black |
Vendor | App Control |
Device Type | VMware |
Supported Model Name/Number | N/A |
Supported Software Version(s) | NA |
Collection Method | Syslog |
Configurable Log Output | No |
Log Source Type | Syslog - VMware Carbon Black App Control |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/8.9/cb-ac-events-guide.pdf |
Supported Log Messages
Type | Product Version | Supported Schema Fields |
|---|---|---|
Carbon Black App Control Events | N/A | <vmid>, <action>, <tag1>, <vendorinfo> |
Carbon Black Computer Management Events | N/A | <vmid>, <action>, <vendorinfo>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
Carbon Black Discover Events | N/A | <vmid>, <action>, <vendorinfo>, <object>, <hash>, <process>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
Carbon Black Policy Enforcement Events | N/A | <vmid>, <action>, <vendorinfo>, <object>, <hash>, <process>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
KB 7.1.673.0 | Syslog - VMware Carbon Black App Control | New Log Source Type | New Device support for Syslog - VMware Carbon Black App Control |