Carbon Black Cloud: What Does Dismissing a Group of Alerts do?

Environment

  • Carbon Black Cloud Console: All Versions

Question

What happens when an Alert is dismissed with Group Alerts on?

Answer

When Group Alerts is turned on, all Events associated with that ThreatID are dismissed.

Additional Notes

  • If all future instances are dismissed, only future instances with the same ThreatID will be dismissed.
  • The analytics engine builds an identifier or "cause" called a ThreatID based on factors including both the application and the behavior of the application.
  • Threats with the same "cause" are grouped together on the Alerts pages (All Alerts, Preventions, Detections).
  • Dismissing the group will not dismiss any other actions done by the same file unless they are also tied to the same ThreatID.
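
The following added example (not Carbon Black code) models the behavior described above so an analyst can preview what a grouped dismissal covers and what stays open for the same file. The `Alert` fields, the sample records and the function names are constructed assumptions, not the Carbon Black Cloud API schema.

```python
from dataclasses import dataclass

# Constructed sample data; field names are assumptions for this sketch,
# not the Carbon Black Cloud alert schema.
@dataclass(frozen=True)
class Alert:
    alert_id: str
    threat_id: str   # the "cause" built from application + behavior
    sha256: str      # placeholder file identifier
    behavior: str

ALERTS = [
    Alert("A1", "T-100", "hash-aaa", "injects code into another process"),
    Alert("A2", "T-100", "hash-aaa", "injects code into another process"),
    Alert("A3", "T-200", "hash-aaa", "scans the network"),
    Alert("A4", "T-300", "hash-bbb", "injects code into another process"),
]

def preview_grouped_dismissal(alerts, selected_id):
    """With Group Alerts on, dismissing one alert dismisses every alert
    that shares its ThreatID. Returns (dismissed, still_open_same_file)."""
    selected = next(a for a in alerts if a.alert_id == selected_id)
    dismissed = [a for a in alerts if a.threat_id == selected.threat_id]
    gone = {a.alert_id for a in dismissed}
    # Other actions by the same file stay open unless tied to the same ThreatID.
    still_open = [a for a in alerts
                  if a.sha256 == selected.sha256 and a.alert_id not in gone]
    return dismissed, still_open

def is_auto_dismissed(new_alert, future_dismissed_threat_ids):
    """'Dismiss all future instances' matches on ThreatID only, never on
    the file alone."""
    return new_alert.threat_id in future_dismissed_threat_ids

if __name__ == "__main__":
    dismissed, still_open = preview_grouped_dismissal(ALERTS, "A1")
    print("dismissed:", [a.alert_id for a in dismissed])
    print("same file, still open:", [a.alert_id for a in still_open])
    later = Alert("A5", "T-200", "hash-aaa", "scans the network")
    print("A5 auto-dismissed:", is_auto_dismissed(later, {"T-100"}))
```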

Article Information
Creation Date: 08-27-2020