Device Details
|
Device Name |
VMware Carbon Black |
|
Vendor |
App Control |
|
Device Type |
VMware |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version(s) |
NA |
|
Collection Method |
Syslog |
|
Configurable Log Output |
No |
|
Log Source Type |
Syslog - VMware Carbon Black App Control |
|
Log Processing Policy |
LogRhythm Default |
|
Exceptions |
N/A |
|
Additional Information |
https://docs.vmware.com/en/VMware-Carbon-Black-App-Control/8.9/cb-ac-events-guide.pdf |
Supported Log Messages
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
Carbon Black App Control Events |
N/A |
<vmid>, <action>, <tag1>, <vendorinfo> |
|
Carbon Black Computer Management Events |
N/A |
<vmid>, <action>, <vendorinfo>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
|
Carbon Black Discover Events |
N/A |
<vmid>, <action>, <vendorinfo>, <object>, <hash>, <process>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
|
Carbon Black Policy Enforcement Events |
N/A |
<vmid>, <action>, <vendorinfo>, <object>, <hash>, <process>, <dip>, <dname>, <account>, <domain>, <subject>, <policy> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.673.0 |
Syslog - VMware Carbon Black App Control |
New Log Source Type |
New Device support for Syslog - VMware Carbon Black App Control |