EDR: Enable Threat Report Title in Triage Alerts

Environment

  • EDR Server: 7.x
  • EDR Server: 6.5.3 and Higher

Objective

To display the actual report titles from threat reports instead of the report IDs.

Resolution

To enable this for on-prem EDR customers:
  1. Open /etc/cb/cb.conf
  2. Add:
     FeedHitLoadReportTitles=True
  3. Save and exit the cb.conf file
  4. Restart instance services
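
The on-prem steps above as a script (an added example, not Carbon Black's own tooling): it sets the key idempotently, replacing an existing FeedHitLoadReportTitles=False line instead of appending a duplicate, and backs up the file first. The function name enable_report_titles and the backup file naming are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: idempotently set FeedHitLoadReportTitles=True in cb.conf.
# Usage (as root): enable_report_titles /etc/cb/cb.conf
# then restart instance services if it prints "changed".
KEY="FeedHitLoadReportTitles"

# enable_report_titles CONF  (hypothetical helper name)
# Prints "changed" when the file was edited (a service restart is needed)
# or "unchanged" when the setting was already in place. Returns 2 on error.
enable_report_titles() {
    local conf="$1" tmp
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Exactly one active line for the key, and it is True: nothing to do.
    if [ "$(grep -c "^${KEY}=" "$conf")" = "1" ] &&
       grep -q "^${KEY}=True[[:space:]]*$" "$conf"; then
        echo "unchanged"
        return 0
    fi

    # Keep a timestamped backup next to the original before editing.
    cp -p "$conf" "${conf}.bak.$(date +%Y%m%d%H%M%S)" || return 2

    # Drop existing active lines for the key (e.g. =False or duplicates),
    # keep everything else including comments, then append the wanted value.
    tmp="$(mktemp "${conf}.XXXXXX")" || return 2
    grep -v "^${KEY}=" "$conf" > "$tmp" || true
    printf '%s=True\n' "$KEY" >> "$tmp"

    # Write back over the original so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
    echo "changed"
}
```

Because the memory cost noted below grows with the number of reports, the backup file gives a quick way to revert the setting if the server comes under memory pressure after the restart.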

To enable this for Hosted EDR customers:
  1. Open a Support case
  2. Support will ask the cloud operations team to perform the same steps as above and will notify you once complete

Additional Notes

  • Note: Please use this feature with caution. Additional memory will be used, proportional to the number of reports on your server.
  • Further details can be found on page 291 in the 7.6 User Guide
  • After you have changed the cb.conf setting and restarted cb-enterprise services, the report names are populated in the following places:
    • In the Triage Alerts page Records facet.
    • Bus events.
    • Syslog notifications.
    • Email notifications. Both report ID and report name are displayed in the email. If the feature is turned off, the report name is displayed as “Unknown”.

Article Information
Creation Date: 09-09-2020