Knowledge Base

Yes

Environment

Carbon Black Cloud Managed Detection and Response: All versions

Question

Audit log shows an entry in this format:
- IP Address: VMware employee IP
- User: VMware employee
- Action: Updated ThreatSight recipient X in organization Y

Answer

As of January 2023, the Managed Detection and Response (MDR) team made it mandatory that every organization have at least one recipient for alert notifications, monthly and daily summary reports.

Additional Notes

Customers are required to have one recipient for the Alert notifications & monthly reports.
Customer is encouraged to update this as needed.
Email is the only mechanism the MDR team have to communicate with customers.
The MDR team need to ensure when an action is required, it is going to a contact at the customer's organization who can take action.
The MDR team unified email records between the CBC console and the MDR analyst console to ensure the customer has full control over the recipient receiving the emails.
The MDR team strongly recommend all customers receive a daily summary for record keeping.
Customers can learn more about configuring MDR here.

Knowledge Base

Managed Detection and Response: Why was ThreatSight recipient added by "VMware employee"?

Managed Detection and Response: Why was ThreatSight recipient added by "VMware employee"?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Managed Detection and Response

Knowledge Base

Managed Detection and Response: Why was ThreatSight recipient added by "VMware employee"?

Managed Detection and Response: Why was ThreatSight recipient added by "VMware employee"?

Environment

Question

Answer

Additional Notes

Related Content

Carbon Black Cloud

Managed Detection and Response

Thank you for your feedback.

Thank you for your feedback.