Environment
- Carbon Black Cloud Console: February 18, 2020 Release and Higher (0.52.0 backend)
- Endpoint Standard (was CB Defense)
Question
Do the MITRE ATT&CK framework TTPs added earlier in 2020 trigger Alerts on their own, for example when they appear on Enriched Events?
Answer
No. At this time the MITRE ATT&CK framework TTPs are informational only: they enrich an event or Alert with context, and they will not generate, or be the cause of, an Endpoint Standard Alert.
Additional Notes
- An Alert can exist with no MITRE TTPs attached, and no MITRE TTP generates an Alert on its own
- Any TTP can be added to an Alert by the analytics engine based on the behavior observed by the Sensor and reported to the Cloud; the TTP describes the behavior, it does not trigger the Alert
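Because TTPs are annotations rather than triggers, the practical question for an analyst is usually "which Alerts carry a given TTP?" rather than "which TTP fired?". The following is an added example, not code from Carbon Black or from this article: it indexes a set of constructed Alert records by the TTPs attached to them and separates out Alerts that carry none. The record shape (an `id` plus `threat_indicators` entries each holding a `ttps` list) is assumed here to mirror the Alerts API response; treat the field names and the sample data as assumptions.

```python
"""Index Endpoint Standard Alerts by the MITRE ATT&CK TTPs attached to them.

Added example. The alert records below are constructed for illustration and
the field layout (id / threat_indicators[].ttps) is an assumption about the
Alerts API response shape, not taken from the article.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sample Alerts. Note that one Alert carries no TTPs at all:
# per the KB answer, TTPs enrich an Alert but are never its cause.
SAMPLE_ALERTS: List[dict] = [
    {
        "id": "alert-0001",
        "reason": "The application powershell.exe invoked another application.",
        "threat_indicators": [
            {"process_name": "powershell.exe", "ttps": ["MITRE_T1059_CMD_LINE_OR_SCRIPT_INTER"]},
            {"process_name": "cmd.exe", "ttps": []},
        ],
    },
    {
        "id": "alert-0002",
        "reason": "The application rundll32.exe attempted to inject code.",
        "threat_indicators": [
            {"process_name": "rundll32.exe", "ttps": ["MITRE_T1055_PROCESS_INJECT", "INJECT_CODE"]},
        ],
    },
    {
        "id": "alert-0003",
        "reason": "A known malware file was detected.",
        "threat_indicators": [
            {"process_name": "dropper.exe", "ttps": []},
        ],
    },
]


def alert_ttps(alert: dict) -> Set[str]:
    """Collect every TTP string attached to an Alert across all its indicators.

    Only entries beginning with 'MITRE_' are ATT&CK technique tags; other
    strings (e.g. 'INJECT_CODE') are Carbon Black behavioral tags, so the
    caller can filter them with `mitre_only=True` in ttp_index().
    """
    found: Set[str] = set()
    for indicator in alert.get("threat_indicators", []):
        found.update(indicator.get("ttps", []))
    return found


def ttp_index(alerts: Iterable[dict], mitre_only: bool = True) -> Dict[str, List[str]]:
    """Map each TTP to the sorted list of Alert ids that carry it."""
    index: Dict[str, List[str]] = defaultdict(list)
    for alert in alerts:
        for ttp in sorted(alert_ttps(alert)):
            if mitre_only and not ttp.startswith("MITRE_"):
                continue
            index[ttp].append(alert["id"])
    return dict(index)


def alerts_without_mitre_ttps(alerts: Iterable[dict]) -> List[str]:
    """Return ids of Alerts that have no MITRE TTP attached.

    These are still genuine Alerts: the absence of a TTP says nothing about
    whether the Alert is valid, only that the analytics engine added no
    ATT&CK context to it.
    """
    return [a["id"] for a in alerts
            if not any(t.startswith("MITRE_") for t in alert_ttps(a))]


if __name__ == "__main__":
    for ttp, ids in sorted(ttp_index(SAMPLE_ALERTS).items()):
        print(f"{ttp}: {', '.join(ids)}")
    print("Alerts with no MITRE TTP:", alerts_without_mitre_ttps(SAMPLE_ALERTS))
```

Run against real data, replace `SAMPLE_ALERTS` with the records returned by your Alert search; the index then answers "show me every Alert that involved T1055" without implying that T1055 itself raised any of them.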
Related Content