
Endpoint Standard: Are Alerts based on MITRE TTPs?

Environment

  • Carbon Black Cloud Console: February 18, 2020 Release and Higher (0.52.0 backend)
    • Endpoint Standard (was CB Defense)

Question

Do the MITRE ATT&CK framework TTPs added earlier in 2020 trigger Alerts on their own with respect to Enriched Events?

Answer

No. At this time the MITRE ATT&CK framework TTPs are attached to Alerts as added context only; they do not generate, and are never the cause of, an Endpoint Standard Alert being created.

Additional Notes

  • An Alert may still have no MITRE TTPs attached, and no MITRE TTP generates an Alert on its own
  • Any TTP can be added to an Alert by the analytics engine based on the behavior observed by the Sensor and reported to the Cloud

Article Information

Creation Date: 09-10-2020