
Carbon Black Cloud: How to filter alerts involving USB or any other removable media as threat vector

Environment

  • Carbon Black Cloud (formerly PSC) Sensor: All Versions
    • Audit & Remediation (was CB LiveOps)
    • Endpoint Standard (was CB Defense)
    • Enterprise EDR (was CB ThreatHunter)
    • Managed Detection (was CB ThreatSight)

Objective

How to filter alerts where the threat vector is removable media.

Resolution

These alerts can be found in either of the following two ways:
  • Run the following search query on the Alerts page:
    threat_vector: REMOVABLE_MEDIA
  • Navigate to Dashboard > "Attacks By Vector" and click Removable Media.

Additional Notes

For alerts related to USB or other removable media, "Vector: REMOVABLE_MEDIA" is shown as the Alert Origin under "Alert Origin, Behavior, Notes and Tags" on the Alerts Triage page.
 

Article Information
Creation Date: 10-14-2020