
EDR: Enable Threat Report Title in Triage Alerts

Environment

  • EDR Server: 7.x
  • EDR Server: 6.5.3 and Higher

Objective

To enable the report IDs from threat reports to display as the actual report titles instead of IDs.

Resolution

To enable this for on-prem EDR customers:
  1. Open /etc/cb/cb.conf
  2. Add:
     FeedHitLoadReportTitles=True
  3. Save and exit the cb.conf file
  4. Restart instance services
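
Steps 1 to 3 can be scripted so the change is repeatable across servers. The following is an added example, not vendor-supplied code: the helper name set_report_titles and the backup file naming are assumptions. It keeps a backup, removes any conflicting duplicate of the setting, and leaves the file untouched when the setting is already correct. The service restart in step 4 is still done separately.

```shell
#!/bin/sh
# Added example (not vendor code): idempotently set FeedHitLoadReportTitles=True
# in a cb.conf-style key=value file. set_report_titles is a hypothetical helper.

set_report_titles() {
    conf="$1"
    key="FeedHitLoadReportTitles"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Nothing to do if exactly one active line already sets the key to True.
    if [ "$(grep -c "^[[:space:]]*$key[[:space:]]*=" "$conf")" -eq 1 ] &&
       grep -q "^[[:space:]]*$key[[:space:]]*=[[:space:]]*True[[:space:]]*$" "$conf"; then
        echo "unchanged"
        return 0
    fi

    # Keep a timestamped copy so the change can be rolled back.
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Drop every existing assignment of the key (avoids duplicates with
    # conflicting values), then append the single desired line.
    tmp="$conf.tmp.$$"
    grep -v "^[[:space:]]*$key[[:space:]]*=" "$conf" > "$tmp" || [ $? -eq 1 ] || return 1
    echo "$key=True" >> "$tmp"

    # Overwrite in place so the owner and mode of the original file are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
    echo "updated"
}

# Usage: sh set_titles.sh /etc/cb/cb.conf   (then restart services, step 4)
if [ "$#" -gt 0 ]; then
    set_report_titles "$1"
fi
```
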

To enable this for Hosted EDR customers:
  1. Open a Support case
  2. Support will ask the cloud operations team to perform the same steps as above and will notify you once complete

Additional Notes

  • Note: Please use this feature with caution. Additional memory will be used, proportional to the number of reports on your server.
  • Further details can be found on page 291 in the 7.6 User Guide
  • After you have changed the cb.conf setting and restarted cb-enterprise services, the report names are populated in the following places:
    • In the Triage Alerts page Records facet.
    • Bus events.
    • Syslog notifications.
    • Email notifications. Both report ID and report name are displayed in the email. If the feature is turned off, the report name is displayed as “Unknown”.

Article Information
Creation Date: 09-09-2020