Environment

• Carbon Black Cloud Console: August '23 Release (1.17) and Higher

Objective

Resolution

1. In the Console, navigate to the Alerts page.
2. Set Group by: None at the top of the page.
3. From the desired Alert, open the row's side panel.
4. Click the Actions dropdown menu and click Close.
5. From the Close Alert window, fill out the desired information.
6. In the Close As dropdown, select a reason for closing the alert:
   • Resolved
   • No reason
   • Resolved - Benign/Known good
   • Duplicate/Cleanup
   • Other
7. Use the Note field to outline the reason for closing the Alert (or all future Alerts, if applicable), to aid other Console users.
8. In the Manage Related Alerts section, choose whether to:
   • Close all existing Alerts with the same Threat ID.
   • Automatically close all future Alerts with the same Threat ID.
   Note: To dismiss only this single Alert, uncheck "Close all existing..." and select "No...".
9. Click Close Alert.

Additional Notes

• After closing, the workflow status of the Alert changes to Closed and the change is recorded in the Alert ID History pane.
• Use the Alert ID History pane to view all previous changes to the workflow status of the Alert.
• Under Manage Related Alerts, click View Alerts to view all Alerts with the same Threat ID.
• You can also close Alerts by checking the box to select the desired Alert(s), then use the Take Action > Close Alerts button.
• Dismissing Alerts is not instantaneous; there is a time delay of less than five minutes.

Related Content