The Events page provides access to all recorded events related to Carbon Black App Control activities, including files blocked, unapproved files executed, system management processes and actions by console users. The Carbon Black App Control Server updates event data in near-real-time for connected computers, with minor variations due to event volume.
There are predefined reports, available on the Saved Views menu, and you also can create and save your own Saved Views using existing views as templates or starting with the full events table. For any event report, you can change the window of time for which you want results without having to create a new Saved View.
The Events page displays up to 200 events per page for the time period you specify. You can adjust the number of events displayed in a table by changing rows per page value in the bottom right of the page.
You can cache the events from a view you create for later examination, saving the time and processing needed to extract them from the database. When you issue a Cache command on the Events page, the events in current view are queued for processing overnight and become available on the Cached Events page when processing is complete. See Caching Events for Later Viewing.
- You can optionally direct the Carbon Black App Control Syslog event output for postprocessing on another system. If you do so, event output also remains displayed on the Events page in the console. For more information, see Event Management Options.
- You also can export events to a folder for use by external data analytics products. See Exporting Data for External Analysis
See VMware Carbon Black App Control Events Guide for a complete list of events and mapping instructions for output to supported Syslog formats.