EDR: How to Ignore Future Events for False Positive Alerts

Article ID: 286248

Products

  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

How to Ignore Future Events for False Positive Alerts

Environment

  • EDR (Formerly CB Response) Console: All Supported Versions

Resolution

  1. In the navigation bar, select Triage Alerts.
  2. In the Alerts table, select the check box to the left of the alert with the triggering event to ignore.
  3. Click the False Positive button.
  4. In the "Mark All as Resolved False Positive" window, move the slider button to Yes to ignore future events from this report.
  5. To resolve the alert and ignore future events, click the Resolve button.

Additional Information

  • Marking events from multiple alerts to be ignored involves searching for the alerts to ignore, confirming that the results are as expected, and then making a bulk resolution.
  • Note that only threat feed alerts can be designated as alerts to ignore. Alerts from watchlist matches are always triggered, since watchlists are assumed to use criteria that were specifically chosen.