Document toolboxDocument toolbox

endpoint.vmware

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Jul 16, 2024
[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

The tags beginning with endpoint.vmware identify events generated by VM Ware Carbon Black

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as endpoint.vmware. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

VMware Carbon Black

endpoint.vmware.cbc_api.alerts

endpoint.vmware.cbc_api.alerts

endpoint.vmware.cbc_defender.audit_logs

endpoint.vmware.cbc_defender.audit_logs

endpoint.vmware.cbc_event_forwarder

endpoint.vmware.cbc_event_forwarder

endpoint.vmware.cbc_event_forwarder.auth

endpoint.vmware.cbc_event_forwarder.auth

endpoint.vmware.cbc_event_forwarder.cb_analytics

endpoint.vmware.cbc_event_forwarder.cb_analytics

endpoint.vmware.cbc_event_forwarder.device_control

endpoint.vmware.cbc_event_forwarder.device_control

endpoint.vmware.cbc_event_forwarder.endpoint_event_apicall

endpoint.vmware.cbc_event_forwarder.endpoint_event_apicall

endpoint.vmware.cbc_event_forwarder.endpoint_event_crossproc

endpoint.vmware.cbc_event_forwarder.endpoint_event_crossproc

endpoint.vmware.cbc_event_forwarder.endpoint_event_fileless_scriptload

endpoint.vmware.cbc_event_forwarder.endpoint_event_fileless_scriptload

endpoint.vmware.cbc_event_forwarder.endpoint_event_filemod

endpoint.vmware.cbc_event_forwarder.endpoint_event_filemod

endpoint.vmware.cbc_event_forwarder.endpoint_event_moduleload

endpoint.vmware.cbc_event_forwarder.endpoint_event_moduleload

endpoint.vmware.cbc_event_forwarder.endpoint_event_netconn

endpoint.vmware.cbc_event_forwarder.endpoint_event_netconn

endpoint.vmware.cbc_event_forwarder.endpoint_event_procend

endpoint.vmware.cbc_event_forwarder.endpoint_event_procend

endpoint.vmware.cbc_event_forwarder.endpoint_event_procstart

endpoint.vmware.cbc_event_forwarder.endpoint_event_procstart

endpoint.vmware.cbc_event_forwarder.endpoint_event_regmod

endpoint.vmware.cbc_event_forwarder.endpoint_event_regmod

endpoint.vmware.cbc_event_forwarder.endpoint_event_scriptload

endpoint.vmware.cbc_event_forwarder.endpoint_event_scriptload

endpoint.vmware.cbc_event_forwarder.kognos_alerts

endpoint.vmware.cbc_event_forwarder.kognos_alerts

endpoint.vmware.cbc_event_forwarder.kognos_events

endpoint.vmware.cbc_event_forwarder.kognos_events

endpoint.vmware.cbc_event_forwarder.unknown

endpoint.vmware.cbc_event_forwarder.unknown

endpoint.vmware.cbc_event_forwarder.watchlist

endpoint.vmware.cbc_event_forwarder.watchlist

endpoint.vmware.cbc_event_forwarder.watchlist_hit

endpoint.vmware.cbc_event_forwarder.watchlist_hit

endpoint.vmware.cbc_liveops.live_query

endpoint.vmware.cbc_liveops.live_query

Table structure

These are the fields displayed in these tables: