Environment
- Carbon Black Cloud Console
Question
Is there a way to determine which users are dismissing alerts within the console?
Answer
1. Go to Alert Triage
2. Double-click on desired alert banner or click on the arrow located on the right side of the alert banner.
2. Check the URL for the ThreatID, copy the string.
Example value in red:
https://csr-prod05.bit9.local/alerts?selected[threat_id]=9b9a37a1b781579e4beeb00af0661c71
3. Go to the Settings > Audit Log and search for the ThreatID value. The user will be listed with the dismissal entry.
Related Content