Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Close Alerts

Carbon Black Cloud: How to Close Alerts

Environment

  • Carbon Black Cloud Console: August '23 Release (1.17) and Higher

Objective

How to close/dismiss Alerts using the new workflow.

Resolution

  1. In the Console, navigate to the Alerts page.
  2. Set Group by: None at the top of the page.
  3. From the desired Alert, open the row's side panel.
  4. Click the Actions dropdown menu and click Close.
  5. From the Close Alert window, fill out the desired information.
  6. In the Close As dropdown, select a reason for closing the alert:
    • Resolved
    • No reason
    • Resolved - Benign/Known good
    • Duplicate/Cleanup
    • Other
  7. Use the Note field to outline the reason for closing the Alert (or all future Alerts, if applicable), to aid other Console users.
  8. In the Manage Related Alerts section, choose whether to:
    • Close all existing Alerts with the same Threat ID.
    • Automatically close all future Alerts with the same Threat ID.
    Note: To dismiss only this single Alert, uncheck "Close all existing..." and select "No...".
  9. Click Close Alert.

Additional Notes

  • Closing an Alert is the same as dismissing an Alert. The verbiage has changed as of Console version 1.17.
  • After closing, the workflow status of the Alert changes to Closed and the change is recorded in the Alert ID History pane.
  • Use the Alert ID History pane to view all previous changes to the workflow status of the Alert.
  • Under Manage Related Alerts, click View Alerts to view all Alerts with the same Threat ID.
  • You can also close Alerts by checking the box to select the desired Alert(s), then use the Take Action > Close Alerts button.
  • Closing an Alert is not instantaneous; there is a time delay of less than five minutes.

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎07-19-2017
Views:
11727
Contributors