This table lists all Server Management events and their unique subtypes specific to this release of App Control.
| Subtype | ID No. | Severity | Example Descriptions/Comments | |
|---|---|---|---|---|
| AD lookups are slow | 114 | Warning | Active Directory Lookups are slow. Average lookup took $param1$ ms. Please review your AD configuration. | |
| Agent install package generation disabled | 214 | Error | Agent install package generation is disabled for all operating systems. To enable agent generation, please download rules and host packages from the Carbon Black User eXchange at https://community.carbonblack.com/. | |
| Agent install package generation failed | 231 | Error | $platform$ agent install packages failed to generate for policy ‘$policy$’ | |
| Agent install package generation succeeded | 213 | Info | $platform$ agent install packages have been successfully generated. | |
| Agent SSL error | 126 | Warning | SSL certificate error was detected when talking with host at IP '$ipAddress$'. This event can be falsely triggered by unreliable network connections. Change Notes: Subtype was “Agent certificate expired” in some previous versions. |
|
| Agent trust cert file created | 207 | Info | Agent trust cert file created. | |
| Agent trust cert file failed to be created | 208 | Info | Could not create agent trust cert file: $param1$. | |
| Archived communication key use | 235 | Info | Archived communication key used from computer $param1$. | |
| Carbon Black File Reputation connection lost | 138 | Warning | Carbon Black File Reputation connection lost: $reason$ |
|
| Carbon Black File Reputation connection restored | 139 | Notice | Carbon Black File Reputation connection restored |
|
| Carbon Black File Reputation proxy cleared | 141 | Info | Proxy disabled. Using direct connection to Carbon Black File Reputation. |
|
| Carbon Black File Reputation proxy set | 140 | Info | Using proxy '$param1$' for connection to Carbon Black File Reputation. |
|
| Communication error | 136 | Error | SOAP error on computer $computer$ ($ipaddress$) in $param1$. | |
| Communication key created | 205 | Info | Communication key created. | |
| Communication key failed to be created | 206 | Info | Could not create communication key: $param1$. | |
| Connector restart | 178 | Warning | Connector started, build information: $param1$ | |
| Connector shutdown | 179 | Notice | Connector shutdown cleanly. | |
| Database error | 135 | Error | Unknown error initializing database pool. | |
| Database server reached specified limit | 106 | Critical | Database data file size limit reached. Total data file size is $param1$ MB. | |
| Database verification error | 108 | Error | Carbon Black App Control Server database is corrupt: $param1$. |
|
| Default rules not found | 230 | Error | Failed to generate agent install packages because the default rules do not exist. To enable agent generation, please download rules from the Carbon Black User eXchange at https://community.carbonblack.com/. | |
| Disabled communication key use | 234 | Info | Disabled communication key used from computer $param1$. | |
| Enabled Indicator Set deleted | 169 | Info | Indicator Set $setName$ was deleted by '$username$' Note: Occurs only when the Indicator Set was enabled at the time of deletion. There is a different Indicator Set deleted event for the general case. |
|
| Enabled updater deleted | 148 | Info | Enabled Updater $updaterName$ was deleted by '$username$' Note: Occurs only when the Updater was enabled at the time of deletion. |
|
| File analysis canceled | 158 | Info | User '$username$' canceled analysis of file '$filename$' [$hash$] with '$provider$'. | |
| File analysis completed | 161 | Info Warning |
File '$filename$' [$hash$] was successfully analyzed with '$provider$'. Nothing suspicious was found. File '$filename$' [$hash$] was successfully analyzed with '$provider$'. It was reported as malicious. |
|
| File analysis error | 160 | Error | Analysis of file '$filename$' [$hash$] with '$provider$' failed because of error '$param1$'. | |
| File analysis modified | 176 | Info | 'User ''$username$'' modified priority of analysis of file [$hash$]. | |
| File analysis requested | 157 | Info | User '$username$' requested analysis of file [$hash$] with '$provider$'. Analysis of file [$hash$] with '$provider$' was requested by Event Rule '$ruleName$'. |
|
| File downloaded | 196 | Info | File '$filename$' [$hash$] downloaded by '$username$' from server | |
| File inventory deleted | 187 | Notice | Deleted $param1 inventory files that were excluded per configuration Note: Param1 is the number of files deleted. |
|
| File tracking disabled | 109 | Warning | File tracking has been automatically disabled because database data file size limit has been reached. | |
| File upload modified | 177 | Info | User ‘$username$' modified priority of upload of file [$hash$] from computer '$computer$' | |
| Health Indicator changed | 183 | Info | The System has changed Health Indicator ‘$Param1$’ on tab ‘$Param2$’ on the System Health page. Notes: Param1 is the name of the Health Indicator. Param2 is the tab on which it appears. |
|
| Health Indicator created | 182 | Info | A new Health Indicator ‘$Param1$’ was created by $username$ on the ‘$Param2$’ tab of the System Health page. Note: Param1 is the name of the Health Indicator. Param2 is the tab on which it appears. |
|
| Health Indicator deleted | 184 | Info | The system has removed Health Indicator ‘$Param1$’ from tab ‘$Param2$’ on the System Health Page. Note: Param1 is the name of the Health Indicator. Param2 is the tab where it previously appeared. |
|
| Health Indicator severity change | 181 | Warning/Info | For existing Health Indicators: Health Indicator $Param1$ has changed from severity $Param2$ to severity $Param3$. Health Indicator $Param1$ has gone to severity Param3$ Check the Health Indicator for more details. (Appears when indicator stops showing healthy state) Health Indicator $Param1$ has increased in severity from $Param2$ to $Param3$. Check the Health Indicator for more details. (Appears when indicator moves from borderline to critical) Health Indicator $Param1$ has decreased in severity from Param2$ to Param3$. (Appears when indicator moves from critical to borderline) Health Indicator $Param1$ is now healthy. (Appears when indicator moves to healthy state) For newly created Health Indicators: Newly created Health Indicator $Param1$ is healthy. Newly created Health Indicator $Param1$ has severity $Param3$. Check the Health Indicator for more details. |
|
| Host package not found (Linux) | 217 | Error | Failed to generate agent install packages for Linux because the host package does not exist. To enable agent generation, please download host packages from the Carbon Black User eXchange at https://community.carbonblack.com/. | |
| Host package not found (Mac) | 216 | Error | Failed to generate agent install packages for Mac because the host package does not exist. To enable agent generation, please download host packages from the Carbon Black User eXchange at https://community.carbonblack.com/. | |
| Host package not found (Windows) | 215 | Error | Failed to generate agent install packages for Windows because the host package does not exist. To enable agent generation, please download host packages from the Carbon Black User eXchange at: https://community.carbonblack.com/ | |
| Indicator Set created | 163 | Info | Indicator Set '$setName$' was created by '$username$'. | |
| Indicator Set deleted | 164 | Info | Indicator Set '$setName$' was deleted by '$username$' Note: There is a separate Enabled Indicator Set deleted event for Updaters deleted while enabled. |
|
| Indicator Set disabled | 167 | Info | Indicator Set '$setName$' was disabled by '$username$' | |
| Indicator Set enabled | 166 | Info | Indicator Set '$setName$' was enabled by '$username$' | |
| Indicator Set exception created | 172 | Info | Indicator Set Exception '$setName$' created by '$username$' | |
| Indicator Set exception deleted | 174 | Info | Indicator Set Exception '$param1$' deleted by '$username$' | |
| Indicator Set exception modified | 173 | Info | Indicator Set Exception '$param1$' modified by '$username$' | |
| Indicator Set modified | 168 | Info | Indicator Set '$param1$' was modified by '$username$' | |
| Indicator Set updated | 165 | Info | Indicator Set '$param1$' was updated by '$username$' | |
| Install failed | 212 | Error | "$param1$ install failed. $param2$" Note: $param1$ is the installation file for the agent host package or default rules file and $param2$ is the reason for the failure, such as failed signature verification. |
|
| Install succeeded | 211 | Info | $param1$ install successful Note: $param1$ specifies a host package platform and version or a default rules version. |
|
| License added | 115 | Notice | User '$username$' has successfully added new Carbon Black App Control license. |
|
| License error | 116 | Error | User '$username$' attempted to add Carbon Black App Control license. ($param1$) |
|
| License warning | 117 | Warning | Your Carbon Black App Control Suite license will expire in $param1$ day(s) on $date$. |
|
| Network Connector | 162 | Info | New network connector '$product$', version '$param2$' was registered. Network connector ‘$product$’, version ‘$param2$’ was removed. Network connector ‘$product$’, version ‘$param2$’ was removed and its data was deleted. User ‘$username$’ has modified configuration of network connector '$product$'. User ‘$user$’ has modified UI configuration of network connector ‘$param1$’. User ‘$username$’ has enabled network connector ‘$product$’. User ‘$username$’ has disabled network connector ‘$product$’. User ‘$username$’ has enabled file analysis for network connector ‘$product$’. User ‘$username$’ has disabled file analysis for network connector ‘$product$’. User ‘$username$’ has set param '$param2$' to '$param3$' for network connector '$product$'. User ‘$username$’ has enabled file analysis mode ‘$param1$’ for network connector ‘$product$’. |
|
| Network Connector added | 185 | Notice | User ‘$user$’ has registered new network connector ‘$param1$', version ‘$param2$’ | |
| Network Connector removed | 186 | Notice | User ‘$user$’ has removed network connector ‘$param1$', version ‘$param2$’ | |
| Notifier install failed | 156 | Error | Upgrade Error: Notifier for Policy '$policyName$', Setting '$policySetting$' was reset to default during upgrade. | |
| Old events were deleted | 107 | Notice | Deleting $param1$ events older than $param2$. | |
| Rapid Config created | 188 | Info | Rapid Config '$param1$' was created by '$username$'. | |
| Rapid Config deleted | 189 | Info | Rapid Config '$param1$' was deleted by '$username$'. | |
| Rapid Config disabled | 193 | Info | Rapid Config '$param1$' was disabled by '$username$'. | |
| Rapid Config enabled | 192 | Info | Rapid Config '$param1$' was enabled by '$username$'. | |
| Rapid Config modified | 190 | Info | Rapid Config '$param1$' was modified by '$username$'. | |
| Rapid Config updated | 191 | Info | Rapid Config '$param1$' was updated by '$username$'. | |
| Reporter restart | 151 | Warning | Reporter started, build information: $param1$. | |
| Reporter shutdown | 152 | Notice | Reporter shutdown cleanly. | |
| Server backup failed | 104 | Warning | Database backup has failed. | |
| Server backup missed | 105 | Warning | Scheduled database backup was not performed. | |
| Server backup started | 103 | Info | Database backup has been enabled, starting backup service. | |
| Server backup stopped | 110 | Notice | Backup has been disabled, stopping backup service. | |
| Server Config List error | 113 | Error | Data is bad for config list entry. Id[$param1$], Version[$param2$], Data[$param3$]. |
|
| Server config modified | 102 | Notice | Configuration property '$param1$' was changed from '$param3$' to '$param2$' by '$username$'. Tracking of locally approved support files signed by Microsoft was disabled/enabled by '$username$' |
|
| Server error | 142 | Error/ Warning |
There are too many descriptions to list for this subtype since it handles many different types of errors. Examples include: Carbon Black File Reputation - error logged and service resuming operation. The remote server returned an unexpected response: (413) Request Entity Too Large. |
|
| Server performance | 175 | Warning | Event filter for alert '$alertName$' is not performing well. Execution took $param2$ ms while processing $param3$ events. Please review associated alert filter. Event Rule '$ruleName1$' is not performing well. Execution took $param2$ ms while processing $param3$ events. Please review associated Event Rule filter. |
|
| Server restart | 101 | Notice | Carbon Black App Control Server started, build information: $param1$. |
|
| Server shutdown | 100 | Warning | Carbon Black App Control Server shutdown cleanly. |
|
| Server upgrade failed | 112 | Error | Failed to upgrade Carbon Black App Control Server to $param1$. |
|
| Server upgrade info | 195 | Info | Upgrade Information for server Carbon Black App Control Server : Default Rules order was modified by customer. |
|
| Server upgrade succeeded | 111 | Info | Successfully upgraded Carbon Black App Control Server to version $param1$. |
|
| SSL certificate CN mismatch | 128 | Critical | Common Name mismatch between SSL certificate ($param1$) and RPC Server Name ($param2$). | |
| SSL certificate error | 127 | Critical | Server was not able to use default SSL certificate. Communication with agents is disabled. | |
| SSL certificate expired | 125 | Critical | Server SSL certificate has expired on $param1$. Agents will not be able to connect if SSL protocol is enabled. | |
| SSL certificate expiring | 124 | Critical | Server SSL certificate will expire on $param1$. | |
| SSL certificate generated | 118 | Notice | User '$username$' has successfully generated a new SSL certificate for Carbon Black App Control Server: $param1$ |
|
| SSL certificate generation failed | 119 | Warning | User '$username$' has failed to generate a new SSL certificate for Carbon Black App Control Server. Error: $param1$ |
|
| SSL certificate import failed | 121 | Warning | User '$username$' has failed to import new SSL certificate for Carbon Black App Control Server. Error: $param1$ |
|
| SSL certificate imported | 120 | Notice | User '$username$' has successfully imported a new SSL certificate for Carbon Black App Control Server: $param1$ |
|
| Strong SSL communications disabled | 123 | Warning | User '$username$' has disabled strong SSL communications. Agents using strong SSL will not be able to talk to server anymore. Contact Carbon Black Support for remediation. | |
| Strong SSL communications enabled | 122 | Notice | User '$username$' has enabled strong SSL communications. Server cannot be spoofed. | |
| System error | 137 | Error | Reports a variety of descriptions for command line usage errors in rarely used debugging activities. | |
| Unified server added | 280 | Info | Unified server '$param1$' added to local configuration by ‘$username$’. | |
| Unified server error | 283 | Critical | Unified server '$param1$' inaccessible. Unified server '$param1$' inaccessible due to an issue with the SSL certificate. Unified server '$param1$' inaccessible due to an authentication issue. |
|
| Unified server modified | 282 | Info | Unified server '$param1$' modified by ‘$username$’. Unified Management disabled on local server by '$username$'. Unified Management configured to be managed only from this server by '$username$'. Unified Management configured to be managed from all servers by '$username$'. This server was added to remote unified management configuration by '$username$'. |
|
| Unified server removed | 281 | Info | Unified server '$param1$' removed from local configuration by ‘$username$’. | |
| Updater created | 145 | Info | Updater ‘$updaterName$’ was created by '$username$' | |
| Updater deleted | 146 | Info | Updater ‘$updaterName$’ was deleted by '$username$' Note: There is a separate Enabled Updater deleted event for Updaters deleted while enabled. |
|
| Updater modified | 147 | Info | Updater ‘$updaterName$’ was modified by '$username$'. Enabled Updater ‘$updaterName$’ was deleted by '$username$'. |
|
| Updaters Indicator Set disabled | 171 | Info | '$username$' disabled automatic update of Indicator Sets from Carbon Black File Reputation | |
| Updaters Indicator Set enabled | 170 | Info | '$username$' enabled automatic update of Indicator Sets from Carbon Black File Reputation | |
| Updaters update disabled | 150 | Info | '$username$' disabled automatic update of Application Updaters from Carbon Black File Reputation |
|
| Updaters update enabled | 149 | Info | '$username$' enabled automatic update of Application Updaters from Carbon Black File Reputation |
|
| Yara Rules Added | 197 | Info | A new set of Yara Rules were added: $param1$ Version: $param2$. | |
| Yara Rules Modified | 198 | Info | Yara Rules were modified: $param1$ OldVersion: $param2$. |
