Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Can admins determine which user dismissed an alert within the console?

Carbon Black Cloud: Can admins determine which user dismissed an alert within the console?

Environment

  • Carbon Black Cloud Console

Question

Is there a way to determine which users are dismissing alerts within the console?

Answer

1.  Go to Alert Triage 
2.  Double-click on desired alert banner or click on the arrow located on the right side of the alert banner.
2.  Check the URL for the ThreatID, copy the string.
Example value in red:
https://csr-prod05.bit9.local/alerts?selected[threat_id]=9b9a37a1b781579e4beeb00af0661c71
3.  Go to the Settings > Audit Log and search for the ThreatID value. The user will be listed with the dismissal entry. 

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-14-2020
Views:
475
Contributors