Environment
- EDR Server: 7.x
- EDR Server: 6.5.3 and Higher
Objective
To display threat report IDs as the actual report titles instead of as IDs
Resolution
To enable this for on-prem EDR customers:
- Open /etc/cb/cb.conf
- Add:
FeedHitLoadReportTitles=True
- Save and exit the cb.conf file
- Restart instance services
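The on-prem edit above as a script, given as an added example and not Carbon Black tooling: `set_conf_key` is a hypothetical helper that sets the key exactly once, keeps a `.bak` rollback copy, and leaves the file untouched when the value is already in place. The demo runs on a constructed sample file; the service restart from the last step is still done separately.

```shell
#!/bin/sh
# Added example: idempotently set KEY=VALUE in a cb.conf-style file.
# set_conf_key is a hypothetical helper name, not part of the EDR product.
# The key is used as a grep pattern, so pass plain alphanumeric key names.

set_conf_key() {
    conf=$1 key=$2 value=$3
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # Already present exactly once with the wanted value: change nothing.
    if [ "$(grep -c "^${key}=" "$conf")" = 1 ] &&
       grep -qx "${key}=${value}" "$conf"; then
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 1        # rollback copy
    tmp=$(mktemp "$conf.XXXXXX") || return 1

    # Drop every existing assignment of the key (duplicates included),
    # then append a single clean line.
    grep -v "^${key}=" "$conf" > "$tmp" || :
    printf '%s=%s\n' "$key" "$value" >> "$tmp"

    # Write through the original path so owner and mode stay as they were.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on a constructed sample file (not a real cb.conf).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'ExampleSetting=1' \
        'FeedHitLoadReportTitles=False' > "$d/cb.conf"
    set_conf_key "$d/cb.conf" FeedHitLoadReportTitles True
    grep -n '^FeedHitLoadReportTitles=' "$d/cb.conf"
    rm -rf "$d"
}
demo

# On the server, as root:
#   set_conf_key /etc/cb/cb.conf FeedHitLoadReportTitles True
# then restart instance services as described in the steps above.
```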
To enable this for Hosted EDR customers:
- Open a Support case
- Support will ask the cloud operations team to perform the same steps as above and will notify you once they are complete
Additional Notes
- Note: Please use this feature with caution. Additional memory will be used, proportional to the number of reports on your server.
- Further details can be found on page 291 in the 7.6 User Guide
- After you have changed the cb.conf setting and restarted cb-enterprise services, the report names are populated in the following places:
  - In the Triage Alerts page Records facet.
  - Bus events.
  - Syslog notifications.
  - Email notifications. Both report ID and report name are displayed in the email. If the feature is turned off, the report name is displayed as “Unknown”.