Environment
- Carbon Black Cloud (formerly PCS): All versions
- Endpoint Standard (formerly Cb Defense)
Objective
To document how the malware alert types shown in the Dashboard correspond to the "threatCategory" values in the SIEM API/JSON output, so that customers can set up customized connector log filters.
Resolution
See below for the relationship between the SIEM/JSON information and the categories shown in the Dashboard ("threatCategory" value in JSON logs => Console type):
- KNOWN_MALWARE => Malware
- RISKY_PROGRAM => PUPs
- NEW_MALWARE => Potential Malware
- NON_MALWARE => Non-malware
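As an added example (not part of this article or of any Carbon Black connector), the following Python filter applies the mapping above to SIEM/JSON event lines and forwards only the events whose console category is wanted; the sample events are constructed, and every key other than "threatCategory" (eventId, the surrounding structure) is assumed for illustration.

```python
import json

# Mapping from the "threatCategory" value in SIEM/JSON events to the
# category label shown in the Carbon Black Cloud console (from the article).
THREAT_CATEGORY_TO_CONSOLE = {
    "KNOWN_MALWARE": "Malware",
    "RISKY_PROGRAM": "PUPs",
    "NEW_MALWARE": "Potential Malware",
    "NON_MALWARE": "Non-malware",
}

def console_type(event):
    """Return the console category for one parsed event, or None when the
    event carries no recognised threatCategory (caller decides what to do)."""
    return THREAT_CATEGORY_TO_CONSOLE.get(event.get("threatCategory"))

def filter_events(json_lines, wanted_console_types, keep_unmapped=False):
    """Yield (console_type, event) for events whose console category is in
    wanted_console_types. Unparseable lines are skipped; events with an
    unknown or missing threatCategory are kept only when keep_unmapped."""
    wanted = set(wanted_console_types)
    for line in json_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON event line; ignore it
        label = console_type(event)
        if label in wanted or (label is None and keep_unmapped):
            yield label, event

# Constructed sample events: the only field the article documents is
# threatCategory; "eventId" and the line layout are made up here.
SAMPLE_LINES = [
    '{"eventId": "c-1", "threatCategory": "KNOWN_MALWARE"}',
    '{"eventId": "c-2", "threatCategory": "RISKY_PROGRAM"}',
    '{"eventId": "c-3", "threatCategory": "NEW_MALWARE"}',
    '{"eventId": "c-4", "threatCategory": "NON_MALWARE"}',
    '{"eventId": "c-5"}',
    'not json at all',
]

def filtered_ids(wanted_console_types, keep_unmapped=False):
    """Event ids from SAMPLE_LINES that pass the filter (for a quick check)."""
    return [ev["eventId"] for _, ev in
            filter_events(SAMPLE_LINES, wanted_console_types, keep_unmapped)]

if __name__ == "__main__":
    # Forward only what the console would show as Malware or Potential Malware.
    print(filtered_ids(["Malware", "Potential Malware"]))  # ['c-1', 'c-3']
```

Filter on the console labels you see in the Dashboard and let the mapping translate them; decide explicitly (keep_unmapped) whether events with no recognised threatCategory should reach the SIEM rather than dropping them silently.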