Managed Detection: Does Enabling Private Logging Cause the Sent Alerts to Contain Less Information?
CBC Web Console: All Versions
Does enabling Private Logging in a CBC policy cause the alerts sent from the Managed Detection team to contain less information?
Enabling Private Logging within a policy can prevent the Managed Detection team from sending much of the useful information obtained from an alert, thereby limiting the scope of the Managed Detection alerts.
The most important IOC being considered by the Managed Detection team is typically the command line argument, which is redacted if Private Logging is enabled.
Enabling Private Logging can prevent the Managed Detection team from identifying "living off the land" attacks.