Carbon Black EDR and Carbon Black App Control servers make event data available for external use.
Carbon Black EDR and Carbon Black App Control users might consider correlating or analyzing data from both sources.
To facilitate correlation, events that include process data have a unique process key for each process. The process key is available as follows:
- Syslog output from the Carbon Black EDR server
- Syslog output from the Carbon Black App Control server
- Carbon Black EDR API queries
- Carbon Black App Control Live Inventory SDK/Public API queries
- Data exported specifically for Splunk from the Carbon Black App Control server
- External event exports and event archives from the Carbon Black App Control server
- Carbon Black EDR email alerts
See Carbon Black App Control Online Help for information about Carbon Black App Controlfeatures.