Access official resources from Carbon Black experts
How is event data categorized, formed into an Alert, and identified?
Data Type | Identifier | Description |
---|---|---|
Group Alerts | Threat ID - every Alert will be assigned a Threat ID and there are two factors that will determine if the same Threat ID will be assigned to an Alert:
| If the applications hash changes, then a new Threat ID will be assigned. Even if the application name is the same.E.g. Different versions of the same application. Additionally, if the reason for the alert (the associated alert behavior) changes, then a new Threat ID will be generated. Please note that a change to either of these (hash or behavior) will result in the alerts not being grouped together. They will be considered separate incidents and be reflected as such in the UI. |
Alerts | Alert ID - when a new Alert is generated, it will be be assigned a unique 8 character Alert ID. This is true even if there are subsequent Alerts created with the exact same hash, action, or device. | If an Alert is generated from the event data, then an Alert summary will be available under the Alerts Page. However, you will be required to go to the Investigate page to view all events tied to a specific Alert. |
Events | Event ID - every event sent from the sensor to the Dashboard, will be assigned a unique Event ID. | The sensor will upload all event data to the Investigate page of the Cb Defense Web Console. This includes but is not limited to all failed and successful operations which happen at the machine level as well as any operations which are blocked or terminated by the sensor. |
Cb Defense: Severity, Threat Level, Target Value, Malware Types Information
Cb Defense: Alert ID vs. Threat ID
Cb Defense: Data Retention Limits
Cb Defense: How to Dismiss Alerts
Cb Defense: What Does Dismissing a Group of Alerts do?
Cb Defense: Why doesn't POLICY_DENY of KNOWN_MALWARE generate an Alert?
Cb Defense: How To Provide A Malware Sample To Carbon Black Support
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.