Carbon Black Cloud: How to Close Alerts
By Yang Zheng, posted Jul 19, 2017 08:57 PM
Environment
Carbon Black Cloud Console: August '23 Release (1.17) and Higher
Objective
How to close/dismiss Alerts using the new workflow.
Resolution
1. In the Console, navigate to the Alerts page.
2. Set Group by: None at the top of the page.
3. From the desired Alert, open the row's side panel.
4. Click the Actions dropdown menu and click Close.
5. From the Close Alert window, fill out the desired information.
   a. In the Close As dropdown, select a reason for closing the alert:
      - Resolved
      - No reason
      - Resolved - Benign/Known good
      - Duplicate/Cleanup
      - Other
   b. Use the Note field to outline the reason for closing the Alert (or all future Alerts, if applicable), to aid other Console users.
   c. In the Manage Related Alerts section, choose whether to:
      - Close all existing Alerts with the same Threat ID.
      - Automatically close all future Alerts with the same Threat ID.
      Note: To dismiss only this single Alert, uncheck "Close all existing..." and select "No...".
6. Click Close Alert.
Additional Notes
Closing an Alert is the same as dismissing an Alert. The verbiage has changed as of Console version 1.17.
After closing, the workflow status of the Alert changes to Closed and the change is recorded in the Alert ID History pane.
Use the Alert ID History pane to view all previous changes to the workflow status of the Alert.
Under Manage Related Alerts, click View Alerts to view all Alerts with the same Threat ID.
You can also close Alerts by checking the box to select the desired Alert(s), then use the Take Action > Close Alerts button.
Closing an Alert is not instantaneous; there is a time delay of less than five minutes.
Related Content
VMware Carbon Black Cloud Console Release Notes
View Alert Details
Editing the Alert Workflow
Endpoint Standard: How is event data categorized, and formed into an Alert?
Endpoint Standard: Event ID vs Alert ID vs Threat ID
#AuditandRemediation
#EndpointStandard
#EnterpriseEDR
#ManagedDetection
#Workload
#Prevention
#Container
#CarbonBlackCloud
#ManagedDetectionandResponse