The Carbon Black App Control Server records several different events related to health indicators. You can views these events in the console, set up rules in a SIEM that respond to these events, and trigger Alerts or Event Rules based on them.
Event subtypes inform you of changes in the indicators themselves: Health indicator created, Health indicator changed, and Health indicator deleted.
The event most likely to be of interest for monitoring system health is the Health indicator severity change subtype. An event indicating a severity change from lower to higher means that some element in your Carbon Black App Control environment needs your attention. On the other hand, a decrease in severity can let you know that a remediation you performed was successful. Increases in severity trigger events whose severity is Warning. Decreases in severity trigger events whose severity is Info.
The Description fields for the severity change event provide details about why the event was triggered. It also includes descriptions of the state of newly created indicators. The following table shows the conditions that trigger Health indicator severity change events.
| Condition |
Description |
|---|---|
| Indicator condition is no longer healthy |
Health indicator <name> has gone to severity <severity level>. Check the health indicator for more details. |
| Severity increased from yellow to red |
Health indicator <name> has increased in severity from <old severity> to <new severity>. Check the health indicator for more details. |
| Severity decreased to yellow |
Health indicator <name> has decreased in severity from <old severity> to <new severity>. |
| Triggered indicator is now healthy | Health indicator <name> is now healthy. |
| New indicator condition is unhealthy |
Newly created health indicator <name> has severity <severity level>. Check the health indicator for more details. |
| New indicator condition is healthy |
Newly created health indicator <name> is healthy. |
