Enterprise EDR: Is There A Way To Tell Which Component Of An IOC Triggered An Alert?

Environment

Enterprise EDR (Formerly CB ThreatHunter) Web Console: All Versions

Question

Is There A Way To Tell Which Specific Component Of An IOC Triggered An Alert?

Answer

No. Currently there is no way to tell which component(s) were responsible; only the name of the IOC involved is available.

Additional Notes

A feature request has been added in 'Idea Central' on the UeX, at the following link. Please feel free to vote on it.

Enterprise EDR: Add the ability to determine which component of an IOC triggered an alert


Article Information
Creation Date: 09-18-2020