Carbon Black Cloud: How to Reopen Alerts Closed by Threat ID

Article ID: 286326

Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to reopen alerts that were closed by threat ID.

Environment

  • Carbon Black Cloud Console: August '23 Release (1.17) and Higher

Resolution

  1. In the Console, navigate to the Alerts page.
  2. Set Group by: None at the top of the page.
  3. Filter by Workflow: Closed on the left-hand side of the page.
  4. From the desired Alert, open the row's side panel.
  5. Click the Actions dropdown menu and click Open Alert.
  6. From the Open Alert window, fill out the desired information.
  7. Use the Note field to outline the reason for opening the Alert (or all future Alerts, if applicable), to aid other Console users.
  8. In the Manage Related Alerts section, choose whether to:
       • Open all existing alerts with the same threat ID
       • Automatically open all future alerts with the same threat ID or Maintain current auto-closure rules
  9. Click Open Alert.

Additional Information

  • In the Manage Related Alerts section there is a View Alerts option to view all alerts with the same threat ID.
  • The workflow status of the alert changes to Open.
  • The change is recorded in the Alert ID History pane. Use the Alert ID History pane to view all previous changes to the workflow status of the alert.
  • Alerts can also be opened by checking the box to select the desired Alert(s), then using the Take Action > Close Alerts button.
  • Multiple alerts with different threat IDs can be opened at once, and a choice can be made to manage related alerts for all of the associated threat IDs.
  • Opening an alert is not instantaneous; there is a time delay of less than five minutes.