The ExEvents view provides access to all events that are displayable on the Events page. This includes events related to files discovered, files blocked, files approved, unapproved files executed, system management processes, and actions by console users.

To see event data as it is displayed in the console, click Reports > Events in the console menu to open the Events page.

Table 1. ExEvents View Details

| Field Name | Data Type | Special Values | Comments |
|---|---|---|---|
| Event_Id | bigint | | Primary Key |
| Computer_Id | int | | Foreign key into ExComputers for the computer that sent this event |
| File_Catalog_Id | int | | Foreign key into the ExFileCatalog table for the file associated with this event |
| Root_File_Catalog_Id | int | | Foreign key into the ExFileCatalog table for a root file associated with this event |
| File_Name | nvarchar | | Name of the file related to this event |
| Path_Name | nvarchar | | File path related to this event. Paths use the OS-specific delimiter for the agent on which the file is located. |
| Process | nvarchar | | Name of the process associated with this event |
| Process_File_Catalog_ID | int | | Foreign key into the ExFileCatalog table for the process associated with this event |
| Timestamp | datetime | | Date and time (UTC) this event was generated |
| IP_Address | varchar | | IP address of the endpoint that originated this event |
| Description | nvarchar | | Event description |
| Priority | nvarchar | Debug, Info, Notice, Warning, Error, Critical | Event priority |
| Type | nvarchar | | Event Type |
| Subtype | nvarchar | | Event Subtype |
| User_Name | nvarchar | | Name of the user associated with this event |
| Rule_Name | nvarchar | | Name of the Carbon Black App Control rule that caused the event (block/prompt/report/approval) |
| Ban_Name | nvarchar | | Name of the hash or filename ban associated with the event (empty if the ban was not named); introduced in 7.0.1 Patch 3 |
| Updater_Name | nvarchar | | If an updater is associated with the event, the name of the updater; introduced in 7.0.1 Patch 3 |
| Indicator_Name | nvarchar | | If a threat indicator is associated with the event, the name of the indicator |
| Received_Timestamp | datetime | | Date and time (UTC) this event was received by the Carbon Black App Control Server |
| Command_Line | nvarchar | | Command line for the process that attempted the action recorded by this event |
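
The following triage query is an added example, not part of the product documentation. It uses only the columns listed in Table 1 and pulls the last 24 hours of events that are Warning or higher, or that carry a ban or threat indicator name. It assumes T-SQL and that the view is queryable as `ExEvents` from the current schema; qualify the name as your deployment requires.

```sql
-- Added example (T-SQL); column names come from Table 1.
-- Assumption: the view resolves as ExEvents in the current database/schema.

-- Both timestamp columns are UTC, so build the window with GETUTCDATE(),
-- not GETDATE(), to avoid a silent offset on non-UTC database servers.
DECLARE @since datetime = DATEADD(HOUR, -24, GETUTCDATE());

SELECT
    e.Event_Id,
    e.Timestamp,                       -- when the agent generated the event
    e.Received_Timestamp,              -- when the server received it
    -- A large lag means the agent was offline or delayed when the event fired.
    DATEDIFF(SECOND, e.Timestamp, e.Received_Timestamp) AS Delivery_Lag_Seconds,
    e.Computer_Id,
    e.IP_Address,
    e.User_Name,
    e.Priority,
    e.Type,
    e.Subtype,
    e.Process,
    e.Command_Line,
    e.Path_Name,
    e.File_Name,
    e.Rule_Name,
    -- Ban_Name is empty when the ban was not named; normalise '' to NULL.
    NULLIF(e.Ban_Name, N'')       AS Ban_Name,
    NULLIF(e.Indicator_Name, N'') AS Indicator_Name
FROM ExEvents AS e
-- Filter on Received_Timestamp so events generated earlier but delivered
-- late (for example by a reconnecting agent) still fall inside the window.
WHERE e.Received_Timestamp >= @since
  AND (
        e.Priority IN (N'Warning', N'Error', N'Critical')
        OR NULLIF(e.Indicator_Name, N'') IS NOT NULL
        OR NULLIF(e.Ban_Name, N'') IS NOT NULL
      )
ORDER BY e.Timestamp DESC;
```

Running it on a schedule with `@since` set to the previous run's high-water mark of `Received_Timestamp` gives an incremental export without gaps from late-arriving events.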