CB Defense: How to search the audit log for quarantined devices?

Article ID: 284914

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

This article explains how to use the audit log to find entries showing when devices were moved into quarantine.

Environment

  • CB Defense PSC Console: All Versions

Resolution

  1. Find the endpoint on the Endpoints page
  2. Expand device information using the arrow to the left of the device status icon
  3. Copy the Device ID
  4. Head to Settings > Audit Log
  5. Paste in the Device ID in question or the word "quarantine" (no quotes), e.g. "8223767" or "quarantine".
  6. Change the date range via the drop-down menu to the right of the search bar to cover the time frame in which the device would have been quarantined
  7. Entries where endpoints were manually put into quarantine should look like "Set Quarantine to On for device(s): 8223767"
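
The same search run offline against audit log entries that have been saved out of the console, as an added example that is not part of the original article or any Carbon Black tooling. The (timestamp, user, description) record layout, the sample entries and the comma-separated multi-device form are assumptions; only the "Set Quarantine to On for device(s): ..." text comes from the article.

```python
import re
from datetime import datetime

# Description text taken from the article:
#   "Set Quarantine to On for device(s): 8223767"
QUARANTINE_RE = re.compile(r"Set Quarantine to On for device\(s\):\s*([\d,\s]+)")

# Constructed sample entries. The (timestamp, user, description) layout and the
# comma-separated list of several device IDs are assumptions for illustration.
SAMPLE_LOG = [
    ("2023-03-01T09:15:00", "analyst@example.com",
     "Set Quarantine to On for device(s): 8223767"),
    ("2023-03-01T09:20:00", "analyst@example.com",
     "Logged in successfully"),
    ("2023-03-04T14:02:00", "admin@example.com",
     "Set Quarantine to On for device(s): 1111111, 8223767"),
    ("2023-04-10T08:00:00", "admin@example.com",
     "Set Quarantine to On for device(s): 82237670"),
]


def find_quarantine_events(entries, device_id=None, start=None, end=None):
    """Return (timestamp, user, device_ids) for each manual quarantine entry.

    device_id limits results to one device (step 5 of the article);
    start/end limit results to a date range (step 6).
    """
    hits = []
    for ts, user, description in entries:
        match = QUARANTINE_RE.search(description)
        if not match:
            continue  # not a "Set Quarantine to On" entry
        when = datetime.fromisoformat(ts)
        if (start and when < start) or (end and when > end):
            continue  # outside the requested time frame
        ids = re.findall(r"\d+", match.group(1))
        # Compare whole IDs: a plain substring search for 8223767
        # would also hit the unrelated device 82237670.
        if device_id is not None and str(device_id) not in ids:
            continue
        hits.append((when, user, ids))
    return hits


if __name__ == "__main__":
    for when, user, ids in find_quarantine_events(SAMPLE_LOG, device_id="8223767"):
        print(when.isoformat(), user, ",".join(ids))
```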

 
