Carbon Black Cloud: "Alert" Email notifications seemingly continue to be generated even though all future alerts are auto-dismissed and "suppressed"

Article ID: 284867

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  1. An initial alert is dismissed with the option checked to auto-dismiss all future versions of the alert.
  2. The admin continues to receive similar email notifications, titled "CARBON BLACK CLOUD ALERT", stating that the action that caused the initial alert has occurred again (for example, a policy block for an executable).

Environment

  • Carbon Black Cloud Server: All versions
  • Carbon Black Cloud Sensor: All versions

Cause

There are two types of email notifications:

  1. An email notifying of an actual alert, which can be seen on the console's Alerts page.
  2. An email notifying that a permissions action has occurred, for example to deny/block an application.

The second category does not trigger a true alert, but it does generate an email notification when a policy action has been applied. The title of that email includes the term "ALERT", which can cause confusion. The setting for this second type is on the Settings / Notifications page of the console.

Resolution

Functioning as designed.