
edr.carbonblack

Introduction

The tags beginning with edr.carbonblack identify events generated by VMware Carbon Black.

Tag structure

The full tag must have 3 levels. The first two are fixed as edr.carbonblack. The third level identifies the type of events sent.

| Product / Services | Tags | Data tables |
|---|---|---|
| Carbonblack | edr.carbonblack | edr.carbonblack |
| | edr.carbonblack.all | edr.carbonblack.all |
| | edr.carbonblack.alert | edr.carbonblack.alert |
| | edr.carbonblack.binary | edr.carbonblack.binary |
| | edr.carbonblack.feed | edr.carbonblack.feed |
| | edr.carbonblack.ingress | edr.carbonblack.ingress |
| | edr.carbonblack.protect | edr.carbonblack.protect |
| | edr.carbonblack.watchlist | edr.carbonblack.watchlist |

Union table - edr.carbonblack.all

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

For more information, read more about Devo tags.

How is the data sent to Devo?

You can forward logs generated by VMware Carbon Black using any Syslog drain (for example, Syslog-ng) or through Devo Relay.

Table structure

These are the fields displayed in these tables: