Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Enable Threat Report Title in Triage Alerts

EDR: Enable Threat Report Title in Triage Alerts


  • EDR Server: 7.x
  • EDR Server: 6.5.3 and Higher


To enable the report ID's from threat reports to display as the actual titles instead of ID's


To enable this for on-prem EDR customers:
  1. Open /etc/cb/cb.conf
  2. Add:
  1. Save and exit the cb.conf file
  2. Restart instance services

To enable this for Hosted EDR customers:
  1. Open a Support case
  2. Support will request the cloud operations team to perform identical steps as above and notify once complete

Additional Notes

  • Note: Please use this feature with caution. Additional memory will be used, proportional to the number of reports on your server.
  • Further details can be found on page 291 in the 7.6 User Guide
  • After you have changed the cb.conf setting and restarted cb-enterprise services, the report names are populated in the following places:
    • In the Triage Alerts page Records facet.
    • Bus events.
    • Syslog notifications.
    • Email notifications. Both report ID and report name are displayed in the email. If the feature is turned off, the report name is displayed as “Unknown”.

Related Content

Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Creation Date: