This section describes how to use Baseline Drift Reports, which allow you to track changes in the inventory of files on systems running the Carbon Black App Control Agent.
Events, Alerts and Meters describes other monitoring features.
Carbon Black App Control's Live Inventory of files on computers reporting to your Carbon Black App Control Server gives you the ability to measure baseline drift, the difference between a baseline of files and the current files on a target you specify. This difference is available as a baseline drift report that you can view either in detail in dynamic tables or as graphic charts on a Carbon Black App Control dashboard. Baseline drift reports provide not only simple numbers of file differences but also risk analyses related to those changes.
After it is set up, a drift report automatically runs every few hours, giving you an up-to date record of changes in your file inventory. You can create different baseline drift reports for different targets and baselines, and Carbon Black App Control includes some reports pre-configured for your use. By default, only Power Users and Administrators can create, modify and delete reports. However, custom account groups can be configured to allow viewing only or viewing and management of drift reports and snapshots.
Term |
Description |
---|---|
Target |
A collection of current files to analyze. This collection can be all the files on a particular computer, on computers with a particular security policy, or on all computers. The collection can also be a custom filtered table of files from one or more computers. |
Baseline |
The reference against which you compare the target. It can be a set of files captured as a "snapshot," multiple snapshots, a set of one or more computers, or a custom baseline generated by filters and other parameters you define. You can also have no baseline, in which case a report shows you new files appearing over time. |
Snapshot |
A set of files collected from one or more computers. It can be all files from the selected computer(s), files selected based on custom-defined filter, or file lists captured from other pages in the console. Each snapshot is named, and can be used as the baseline for a drift report. |
Baseline drift report |
A report that contains information about the differences between a baseline and a target. A drift report can show differences simply in the number of changed files as well as the risk indicated by those changes. |