Environment
- Enterprise EDR (Formerly CB ThreatHunter) Console: All Versions
Objective
Tune watchlists at the report and IOC levels
Resolution
- On the Watchlists page, select a watchlist
- To tune at the report level, click the Reports tab, select a report, then click Take Action to:
- Include or exclude a report from detection (Disable/Enable)
- Remove a report from a watchlist (Remove)
- To tune at the IOC level, click the Name of the report, select an IOC, then click Take Action to include or exclude an IOC from detection (Disable/Enable)
Related Content
