You can see Carbon Black EDR events in unfiltered views of the events table; there is also a Saved View for Carbon Black EDR events.
The App Control console Events page can display two Carbon Black EDR-related event subtypes:
- Carbon Black EDR sensor status
- Carbon Black EDR watchlist
To view Carbon Black EDR-related events in the App Control console:
- In the App Control console menu, click Reports > Events.
- On the Saved Views menu, click Carbon Black EDR.
The following image shows the Carbon Black EDR view with filters displayed:
Carbon Black EDR exports both process and binary watchlist events to App Control (when export is activated).
For process watchlist events, you can add a column to display the unique Process Key ID that correlates process information between App Control and Carbon Black EDR. See Correlation of Exported Data.
When Carbon Black EDR watchlist hits appear in the App Control Events table, the watchlist name appears in the Rule Name and Description fields of the table.