File events are generated when files are extracted by the IDS engine on the NSX Edges in the north-south traffic and by the NSX Guest Introspection agent on the virtual machine endpoints in the distributed east-west traffic.

NSX Malware Prevention feature inspects the extracted files to determine whether they are benign, malicious, or suspicious. Each unique inspection of a file is counted as a single file event in NSX-T Data Center. In other words, a file event refers to a unique file inspection. The terms "file event" and "file inspection" are used interchangeably throughout this documentation.

This documentation explains the file event monitoring tasks by using the NSX Manager UI. For documentation on doing this task by using the NSX Malware Prevention file event APIs, see the VMware Developer Documentation portal.