Certain fields in the Events table are of particular interest in the Threat views.
Some fields are visible in the table by default, and you can add other fields. These fields include:
Indicator Set – The name of the Indicator Set containing the indicator that triggered the event.
Rule Name – The name of the rule that triggered the event. For detection events, these are descriptions of the suspicious activity being detected.
Indicator Name – This optional field is the same as the Rule Name for threat events. It is included to make it easier to identify threat events in Syslog output.
Process Threat – The threat level for the process attempting an action in this event, if reported by Carbon Black File Reputation.
Process Trust – The trust level for the process attempting an action in this event, if reported by Carbon Black File Reputation.
Process Prevalence – The prevalence of the file associated with the Process field of the event. Prevalence is the number of computers on which at least one instance of the process file exists.
File Threat – The threat level for the file acted upon in this event, if reported by Carbon Black File Reputation.
File Trust – The trust level for the file acted upon in this event, if reported by Carbon Black File Reputation.
File Prevalence – The prevalence of the file acted upon (the file in the File Name field) in this event. Prevalence is the number of computers on which at least one instance of the file exists.
Note: The initial values and later updates to threat, trust and prevalence data are provided based on access to Carbon Black File Reputation and scheduling of Carbon Black App Control tasks. Updates can have a delay.