Environment
- Carbon Black Cloud Console
Question
What are the "VMware Employee" events in the audit log?
Answer
These events were added in October 2022. Release note:
All actions taken in a Carbon Black Cloud organization are now reported in the organization's
Audit Log, whether those actions are taken by users or by authorized VMware employees.
Previously, VMware employee activity was only available by Support request. This change
not only reports those actions that were already logged when performed by users (such as
Customer Support enrolling a new user login, generating new company registration codes,
and more), but also shows previously-invisible logs for such actions as disabling SAML/2FA
or requesting sensor logs. In cases where an audit log entry reports on VMware employee
activity, the specific email and IP addresses are obfuscated for privacy. To quickly find those
audit log entries, you can search for VMware employee in the Audit Log page. This change
has been applied retroactively to make all such past actions visible in your Audit Log.
