Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Managed Detection: How to Remove Repeat Results From Trusted Processes/Files

Managed Detection: How to Remove Repeat Results From Trusted Processes/Files

Environment

  • Carbon Black Cloud Console: All versions
  • Managed Detection Reports

Objective

How do I remove repeated results in ThreatSight Reports for trusted processes? 

Resolution

The values in the ThreatSight Reports are based on the Alerts ThreatSight uses for the data. By setting dismissals for Grouped Alerts in the future and possible Policy Permissions to filter out these Alerts they will not show in the ThreatSight Reports. 

Additional Notes

Using Grouped Alerts for future dismissal is the best way to filter out the trusted applications not being Terminated by the Policy Rules. This still logs all the information but helps seeing the significant Events / Processes easier for review. 

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-20-2019
Views:
479
Contributors