edr.carbonblack
Introduction
The tags beginning with edr.carbonblack
identify events generated by VMware Carbon Black.
Tag structure
The full tag must have 3 levels. The first two are fixed as edr.carbonblack
. The third level identifies the type of events sent.
Product / Services | Tags | Data tables |
---|---|---|
Carbonblack |
|
|
|
Union table - edr.carbonblack.all This is a union table that collects events from a set of tables for easy access and analysis. Learn more about this union table in this article. | |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
For more information, read more about Devo tags.
How is the data sent to Devo?
You can forward logs generated by VMware Carbon Black using any Syslog drain (for example, Syslog-ng) or through Devo Relay.
Table structure
These are the fields displayed in these tables: