Environment
- Carbon Black Cloud Console: All versions
- Managed Detection Reports
Objective
How do I remove repeated results in ThreatSight Reports for trusted processes?
Resolution
The values in the ThreatSight Reports are based on the Alerts ThreatSight uses for the data. By setting dismissals for Grouped Alerts in the future and possible Policy Permissions to filter out these Alerts they will not show in the ThreatSight Reports.
Additional Notes
Using Grouped Alerts for future dismissal is the best way to filter out the trusted applications not being Terminated by the Policy Rules. This still logs all the information but helps seeing the significant Events / Processes easier for review.
Related Content