This section explains how to use Carbon Black App Control event reports and alerts to monitor file activity and other key operations on your network. It also describes tools for detecting propagation of files on your network and for keeping track of the number of times a specified file executes.

There are many uses for these features, individually and in combination. For example, when you are allowing computers on your network to execute unapproved files, you can track the executions by file, computer, and computer user. If you are operating entirely at High Enforcement Level, you can use Carbon Black App Control monitoring features to be sure that files are being appropriately blocked or allowed. And you can connect other monitoring features to alerts that automatically tell you when certain actions occur or thresholds are passed.

See also Monitoring Change: Baseline Drift Reports for details on Carbon Black App Control’s ability to track changes in the overall inventory of files on your systems.

Note: For information about analyzing Carbon Black App Control events and file information with your own tools, see Live Inventory SDK: Database Views and the VMware Carbon Black App Control Events Guide. See Exporting Data for External Analysis for information about exporting events to external data analytics tools.