edr.cbef

[ 1 Introduction ] [ 2 Tag structure ] [ 3 Table structure ]

Introduction

The tags begin with edr.cbef identify the events generated by Carbon Black Event Forwarder.

Tag structure

The full tag must have at least 2 levels. The first two are fixed as edr.cbef. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

Product / Services	Tags	Data tables

Product / Services	Tags	Data tables
Carbon Black Event Forwarder	`edr.cbef.alert.cb_analytics` `edr.cbef.alert.watchlist`	`edr.cbef`
	`edr.cbef.alert.cb_analytics` `edr.cbef.alert.watchlist`	`edr.cbef.alert`
	`edr.cbef.alert.cb_analytics`	`edr.cbef.alert.cb_analytics`
	`edr.cbef.alert.watchlist`	`edr.cbef.alert.watchlist`
	`edr.cbef.endpoint_event.apicall` `edr.cbef.endpoint_event.crossproc` `edr.cbef.endpoint_event.filemod` `edr.cbef.endpoint_event.moduleload` `edr.cbef.endpoint_event.netconn` `edr.cbef.endpoint_event.procend` `edr.cbef.endpoint_event.procstart` `edr.cbef.endpoint_event.regmod`	`edr.cbef.endpoint_event`
	`edr.cbef.endpoint_event.apicall`	`edr.cbef.endpoint_event.apicall`
	`edr.cbef.endpoint_event.crossproc`	`edr.cbef.endpoint_event.crossproc`
	`edr.cbef.endpoint_event.filemod`	`edr.cbef.endpoint_event.filemod`
	`edr.cbef.endpoint_event.moduleload`	`edr.cbef.endpoint_event.moduleload`
	`edr.cbef.endpoint_event.netconn`	`edr.cbef.endpoint_event.netconn`
	`edr.cbef.endpoint_event.procend`	`edr.cbef.endpoint_event.procend`
	`edr.cbef.endpoint_event.procstart`	`edr.cbef.endpoint_event.procstart`
	`edr.cbef.endpoint_event.regmod`	`edr.cbef.endpoint_event.regmod`

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables: