Carbon Black Cloud: What are the "VMware Employee" Events In the Audit Log?
Article ID: 288304
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What are the "VMware Employee" events in the audit log?
Environment
- Carbon Black Cloud Console
Resolution
These events were added in October 2022. Release note:
All actions taken in a Carbon Black Cloud organization are now reported in the organization's Audit Log, whether those actions are taken by users or by authorized VMware employees. Previously, VMware employee activity was only available by Support request. This change not only reports those actions that were already logged when performed by users (such as Customer Support enrolling a new user login, generating new company registration codes, and more), but also shows previously-invisible logs for such actions as disabling SAML/2FA or requesting sensor logs. In cases where an audit log entry reports on VMware employee activity, the specific email and IP addresses are obfuscated for privacy. To quickly find those audit log entries, you can search for VMware employee in the Audit Log page. This change has been applied retroactively to make all such past actions visible in your Audit Log.
Feedback
Yes
No
Powered by
