
Endpoint Standard: What is the mapping between malware type of alerts on the dashboard and those shown in the SIEM API

Environment

  • Carbon Black Cloud (formerly PCS): All versions
    • Endpoint Standard (formerly Cb Defense)

Objective

To provide the mapping between the malware type shown for alerts in the Dashboard and the "threatCategory" value returned by the SIEM API, so that customers can set up customized connector log filters.

Resolution

The "threatCategory" value in the SIEM/JSON output corresponds to the following alert type shown in the Console:

  • KNOWN_MALWARE => Malware
  • RISKY_PROGRAM => PUPs
  • NEW_MALWARE => Potential Malware
  • NON_MALWARE => Non-malware
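As an added example (not Carbon Black's own code or connector output), the following Python script applies the mapping above to SIEM/JSON notifications so a connector filter can be expressed in terms of the Console categories rather than the raw threatCategory strings. The sample notification lines are constructed for this example; the article does not show the full JSON layout, so the script assumes "threatCategory" sits either at the top level of a notification or under a "threatInfo" object, and it maps anything else to "Unknown" rather than dropping it silently.

```python
import json

# Mapping from the article: SIEM/JSON "threatCategory" => Console alert type.
THREAT_CATEGORY_TO_CONSOLE = {
    "KNOWN_MALWARE": "Malware",
    "RISKY_PROGRAM": "PUPs",
    "NEW_MALWARE": "Potential Malware",
    "NON_MALWARE": "Non-malware",
}


def console_type(threat_category):
    """Return the Console label for a SIEM threatCategory value.

    Missing or unrecognised values become "Unknown" so a filter never
    throws away an alert just because a new category appears.
    """
    if not threat_category:
        return "Unknown"
    return THREAT_CATEGORY_TO_CONSOLE.get(str(threat_category).upper(), "Unknown")


def extract_threat_category(notification):
    """Assumption (not stated in the article): the value lives at the top
    level or under "threatInfo"; both locations are checked."""
    if "threatCategory" in notification:
        return notification["threatCategory"]
    return (notification.get("threatInfo") or {}).get("threatCategory")


def filter_notifications(raw_lines, wanted_console_types):
    """Parse one JSON notification per line and keep those whose Console
    category is in wanted_console_types.

    Returns (kept_notifications, skipped_line_count). Malformed lines are
    counted rather than aborting the whole batch, which is what a long
    running connector filter needs.
    """
    kept, skipped = [], 0
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        try:
            notification = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        label = console_type(extract_threat_category(notification))
        if label in wanted_console_types:
            notification["consoleType"] = label  # annotate for downstream SIEM rules
            kept.append(notification)
    return kept, skipped


def count_by_console_type(raw_lines):
    """Summarise a batch the way the Dashboard groups it, by Console label."""
    counts = {}
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        try:
            notification = json.loads(line)
        except json.JSONDecodeError:
            continue
        label = console_type(extract_threat_category(notification))
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample notifications (placeholder ids, not real CBC data).
SAMPLE_LINES = [
    '{"eventId": "evt-1", "threatInfo": {"threatCategory": "KNOWN_MALWARE", "score": 9}}',
    '{"eventId": "evt-2", "threatInfo": {"threatCategory": "RISKY_PROGRAM", "score": 3}}',
    '{"eventId": "evt-3", "threatCategory": "NEW_MALWARE"}',
    '{"eventId": "evt-4", "threatInfo": {"threatCategory": "NON_MALWARE", "score": 2}}',
    'this line is not JSON',
    '{"eventId": "evt-5"}',
]

if __name__ == "__main__":
    kept, skipped = filter_notifications(SAMPLE_LINES, {"Malware", "Potential Malware"})
    for n in kept:
        print(n["eventId"], "->", n["consoleType"])
    print("skipped malformed lines:", skipped)
    print("breakdown:", count_by_console_type(SAMPLE_LINES))
```

Running the script keeps only the two notifications that the Dashboard would show as Malware and Potential Malware, reports one unparsable line, and prints a per-category count that should agree with the Dashboard totals for the same batch; if it does not, the connector is most likely reading threatCategory from a different field than assumed here.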

Creation Date: 08-31-2020