You can view Carbon Black EDR events in unfiltered views of the Events table; there is also a Saved View for Carbon Black EDR events.

The Events page in the Carbon Black App Control console can display two Carbon Black EDR-related event subtypes:

  • Carbon Black EDR sensor status
  • Carbon Black EDR watchlist

Procedure

  1. In the Carbon Black App Control console menu, click Reports > Events.
  2. On the Saved Views menu, click Carbon Black EDR.
    The following image shows the Carbon Black EDR view with displayed filters:
    The Carbon Black EDR events view displaying the event action details

    Carbon Black EDR exports both process and binary watchlist events to Carbon Black App Control (when export is activated).

    For process watchlist events, you can add a column to display the unique Process Key ID that correlates process information between Carbon Black App Control and Carbon Black EDR. See Correlation of Exported Data.

    When Carbon Black EDR watchlist hits appear in the Carbon Black App Control Events table, the watchlist name appears in the Rule Name and Description fields of the table.