Carbon Black Cloud: What are the "VMware Employee" Events In the Audit Log?
search cancel

Carbon Black Cloud: What are the "VMware Employee" Events In the Audit Log?


Article ID: 288304


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


What are the "VMware Employee" events in the audit log?


  • Carbon Black Cloud Console


These events were added in October 2022. Release note:
All actions taken in a Carbon Black Cloud organization are now reported in the organization's
Audit Log, whether those actions are taken by users or by authorized VMware employees.
Previously, VMware employee activity was only available by Support request. This change
not only reports those actions that were already logged when performed by users (such as
Customer Support enrolling a new user login, generating new company registration codes,
and more), but also shows previously-invisible logs for such actions as disabling SAML/2FA
or requesting sensor logs. In cases where an audit log entry reports on VMware employee
activity, the specific email and IP addresses are obfuscated for privacy. To quickly find those
audit log entries, you can search for VMware employee in the Audit Log page. This change
has been applied retroactively to make all such past actions visible in your Audit Log.