Cb Defense: How to Find Policy Actions in the Web Console

Environment

  • CB Defense PSC Backend: All Versions

Objective

This document describes how to search for Policy Actions (blocks/terminations) in the CB Defense PSC Console.


Resolution

Search for blocks/terminations on all systems

  1. Log in to the Cb Defense Dashboard
  2. Go to the Investigate page
  3. Choose a time period
  4. Search for POLICY_TERMINATE or POLICY_DENY to find all block/termination events during the specified time period across all devices in the org:
     TTP:POLICY_DENY OR TTP:POLICY_TERMINATE

Search for blocks/terminations on a selected device

  1. Go to the Endpoints page
  2. Search for the Device Name
  3. Click on the Device Name to be taken to the Investigate page
  4. Choose a time period
  5. Search for POLICY_TERMINATE or POLICY_DENY to find block/termination events on this device during the specified time period:
     TTP:POLICY_DENY OR TTP:POLICY_TERMINATE

Additional Notes

  • Use OR to find both POLICY_TERMINATE and POLICY_DENY TTPs in one search query
  • Some events might say: "The operation was blocked by the operating system". That means the blocking action was NOT taken by a Cb Defense policy action, but by the operating system itself.

Article Information
Creation Date: 02-15-2017