Carbon Black EDR and App Control servers make event data available for external use.
Carbon Black EDR and App Control users might consider correlating or analyzing data from both sources.
To facilitate correlation, events that include process data have a unique process key for each process. The process key is available as follows:
- Syslog output from the Carbon Black EDR server
- Syslog output from the App Control server
- Carbon Black EDR API queries
- App Control Live Inventory SDK/Public API queries
- Data exported specifically for Splunk from the App Control server
- External event exports and event archives from the App Control server
- Carbon Black EDR email alerts
See the App Control console Online Help for information about the App Control features.
