App Control: How to Identify Which Items are File Catalog Updates in SIEM (Splunk)

Article ID: 286093

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to Identify Which Items are File Catalog Updates in SIEM (Splunk)

Environment

  • App Control Server: All Versions

Resolution

File catalog updates will contain:
ABId:<ABID>
and will not contain:
EventSubType:<Subtype>
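
The search below is an added example, not part of the original article. It applies the two conditions above to label each App Control record and count the split. `<your_index>` and `<your_sourcetype>` are placeholders for your own Splunk configuration, `record_type` is a hypothetical field name, and the search assumes the `ABId:` and `EventSubType:` markers appear literally in the raw event text.

```spl
index=<your_index> sourcetype=<your_sourcetype>
| eval has_abid=if(match(_raw, "ABId:\S+"), 1, 0)
| eval has_subtype=if(match(_raw, "EventSubType:"), 1, 0)
| eval record_type=case(
    has_abid=1 AND has_subtype=0, "file_catalog_update",
    has_subtype=1, "event",
    true(), "unclassified")
| stats count by record_type
```

Records that carry both markers are labeled as events, because the absence of `EventSubType:` is part of the file catalog condition. To list only the file catalog updates, replace the final `stats` line with `| where record_type="file_catalog_update"`.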