The tables supplied in this section are event type specific and list and their unique subtypes specific to this release of App Control.

Note: In each of the event type tables:
  • New or changed events are identified with ** (double-asterisk) in the left column. This allows a search to quickly identify only the new or changed events.
  • For information about event changes in prior versions of App Control, refer to the legacy Events Guides on the Carbon Black User eXchange.
In the Example Descriptions/Comments column of each table, the descriptions show the text and/or format of the descriptions for each event.
  • Variable information is shown with the convention “$variabledata$”. So for example, where the actual Description field for an event would show the name of a computer (e.g., “Laptop-5”), the Description column in this table shows “$computer$”.
  • Variables that use parameters from App Control, where these parameters are not commonly known objects outside of the App Control context, are shown in the format “$param1$”, “$param2$”, etc.
  • You can view the actual event output from App Control or view the Events page through the App Control Console to see real-world examples of these parameters. For example, an event shown in this guide as Computer $computer$ discovered new file '$filePathAndName$' [$hash$]. might look like this in the console:

    An event in the Console showing the event subtype and description
Important: Due to rebranding, your SIEM may need to be updated to reflect changes made in v8.5.2. The Vendor and Product name changed.
  • The Vendor name is: VMware_Carbon_Black
  • The Product name is: App_Control

The following tables are specific to each event type: