logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: "Alert" Email notifications seemingly continue to be generated even though all future alerts are auto-dismissed and "suppressed".

Carbon Black Cloud: "Alert" Email notifications seemingly continue to be generated even though all future alerts are auto-dismissed and "suppressed".

Environment

  • Carbon Black Cloud Server: All versions
  • Carbon Black Cloud Sensor: All versions

Symptoms

  1. An initial alert is dismissed with the action checked to auto-dismiss all future versions of the alert.
  2. Admin continues to receive similar email notifications with the title "CARBON BLACK CLOUD ALERT" that the action causing the initial alert has occurred again (aka. a policy block for an executable)

Cause

There are actually two types of email notifications: One notifies of an actual Alert (that can be seen in the console's Alerts page) and 2). an email notifying that that a permissions action has occurred, say, to deny/block an application. This second category does not trigger a true alert, but does generate an email notification when a policy action has been applied with the title including the term "ALERT" which can cause confusion. The second setting is in the Settings / Notifications page of the Console.

Resolution

Functioning as designed.

Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎04-10-2023
Views:
1692
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.