Managed Detection and Response: ThreatSight recipient added by "VMware employee"
Article ID: 286300

Products

  • Carbon Black Cloud Managed Detection and Response
  • Carbon Black Cloud Managed Detection (formerly Cb Threatsight)

Issue/Introduction

  • The audit log shows that a "VMware employee" added a ThreatSight report recipient

Environment

  • Carbon Black Cloud Managed Detection and Response: All versions

Cause

  • As of January 2023, the Managed Detection and Response (MDR) team made it mandatory that every organization have at least one recipient for alert notifications and for the monthly and daily summary reports.

Resolution

  • Customers are required to have one recipient for the alert notifications and monthly reports. Email is the only mechanism we have to communicate with customers, and the MDR team needs to ensure that when it finds something that requires action, the notification goes to someone at the customer's organization who can take that action.
  • Many customers were unaware of the daily summary, so the MDR team made some changes to ensure that someone from each organization was receiving it.
  • The MDR team unified their email records between the CBC console and the MDR analyst console to ensure the customer has full control over the recipient receiving the emails.
  • The MDR team strongly recommends that all customers receive a daily summary for record keeping.
  • Customers can learn more about configuring MDR here.