With configured forwarding of your Carbon Black logs, USM Anywhere collects, enriches, and analyzes log data from Carbon Black applications, along with data from your other assets and security solutions. With this aggregation of alerts and events, you can easily see what activities and changes are happening across your endpoints directly from USM Anywhere.
To view the these events, go to Activity > Events. On the left side of the Events page, you can find the search and filters options. USM Anywhere includes several filters displayed by default. At the bottom of the Search & Filters panel, click Configure Filters to configure filters for the page. (See Managing Filters for more information about configuring filters for the page display.)
An easy way to locate your Carbon Black events is to use the Data Source Plugin filter to select one of the Carbon Black plugins. This filters the list of displayed events to include only the items normalizedNormalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. by the plugin. See Searching Events for more information about using filters to locate events.