Event_Id

bigint

Primary Key

Computer_Id

int

Foreign key into the ExComputers for computer that sent this event

File_Catalog_Id

int

Foreign key into the ExFileCatalog table for file associated with this event

Root_File_Catalog_Id

int

Foreign key into ExFileCatalog table for a root file associated with this event

File_Name

nvarchar

Name of the file related to this event

Path_Name

nvarchar

File path related to this event. Paths use the OS-specific delimiter for the agent on which the file is located.

Process

nvarchar

Name of the process associated with this event

Process_File_Catalog_ID

int

Foreign key into ExFileCatalog table for the process associated with this event

Timestamp

datetime

Date and time (UTC) this event was generated

IP_Address

varchar

IP address of the endpoint that originated this event

Description

nvarchar

Event description

Priority

nvarchar

Debug, Info, Notice,Warning, Error, Critical

Event priority

Type

nvarchar

Event Type

Subtype

nvarchar

Event Subtype

User_Name

nvarchar

Name of the user associated with this event

Rule_Name

nvarchar

Name of the Carbon Black App Control rule that caused the event (block/prompt/report/approval)

Ban_Name

nvarchar

Name of the hash or filename ban associated with the event (empty if the ban was not named); introduced in 7.0.1 Patch 3

Updater_Name

nvarchar

If an updater is associated with the event, the name of the updater; introduced in 7.0.1 Patch 3

Indicator_Name

nvarchar

If a threat indicator is associated with the event, the name of the indicator

Received_Timestamp

datetime

Date and time (UTC) this event was received by the Carbon Black App Control Server

Command_Line

nvarchar

Command line for the process that attempted the action recorded by this event