Managed Detection: Does Enabling Private Logging Cause the Sent Alerts to Contain Less Information?
Article ID: 285394
Products
Carbon Black Cloud Managed Detection (formerly Cb Threatsight)
Issue/Introduction
Does enabling Private Logging in a CBC policy cause the alerts sent from the Managed Detection team to contain less information?
Environment
CBC Web Console: All Versions
Managed Detection
Resolution
Enabling Private Logging within a policy can prevent the Managed Detection team from sending much of the useful information obtained from an alert, thereby limiting the scope of the Managed Detection alerts.
Additional Information
The most important IOC being considered by the Managed Detection team is typically the command line argument, which is redacted if Private Logging is enabled.
Enabling Private Logging can prevent the Managed Detection team from identifying "living off the land" attacks.
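The effect described above can be shown with a small triage sketch. This is an added example, not Carbon Black code or its event format: the event fields, the `redact` helper (which models Private Logging as withholding the command line) and the two argument-based rules are assumptions, and the sample events are constructed.

```python
import re

# Constructed process-start events (not real Carbon Black telemetry).
EVENTS = [
    {"process": "powershell.exe", "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"process": "powershell.exe", "cmdline": "powershell.exe -NoProfile -EncodedCommand <base64>"},
    {"process": "certutil.exe", "cmdline": r"certutil.exe -verify C:\certs\server.cer"},
    {"process": "certutil.exe", "cmdline": "certutil.exe -urlcache -f <url> <outfile>"},
]

# Hypothetical analyst heuristics. They key on arguments, because the
# binaries themselves are legitimate, signed operating-system tools.
RULES = {
    "powershell.exe": re.compile(r"\s-e(nc\w*)?\s", re.I),
    "certutil.exe": re.compile(r"\s-urlcache\b", re.I),
}


def redact(event):
    """Assumed model of Private Logging: the command line is withheld."""
    return {**event, "cmdline": None}


def triage(event):
    """Classify one event as benign, suspicious or undetermined."""
    rule = RULES.get(event["process"])
    if rule is None:
        return "benign"
    if event["cmdline"] is None:
        # Dual-use binary with no arguments visible: nothing to decide on.
        return "undetermined"
    return "suspicious" if rule.search(event["cmdline"]) else "benign"


def summarize(events):
    """Count triage outcomes across a list of events."""
    counts = {"benign": 0, "suspicious": 0, "undetermined": 0}
    for event in events:
        counts[triage(event)] += 1
    return counts


if __name__ == "__main__":
    print("full logging:   ", summarize(EVENTS))
    print("private logging:", summarize([redact(e) for e in EVENTS]))
```

With the command line present, the routine and the suspicious invocations of the same binary separate cleanly; once it is withheld, all four events look identical and none can be classified.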