With configured forwarding of your Carbon Black logs, USM Anywhere collects, enriches, and analyzes log data from Carbon Black applications, along with data from your other assets and security solutions. With this aggregation of alerts and events, you can easily see what activities and changes are happening across your endpoints directly from USM Anywhere.
To view the these events, navigate to ACTIVITY > EVENTS. On the left side of the Events page, you can find the search and filters options. USM Anywhere includes several filters displayed by default. Click the Configure Filters link at the bottom of the Search & Filters panel to configure filters for the page. (For more information about configuring filters for the page display, see Managing Filters.)
An easy way to locate your Carbon Black events is to use the Data Source Plugin filter to select one of the Carbon Black plugins. This filters the list of displayed events to include only the items normalizedNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. by the plugin. For more information about using filters to locate events, see Searching Events.