Carbon Black Cloud: How to Reopen Alerts Closed by Threat ID
search cancel

Carbon Black Cloud: How to Reopen Alerts Closed by Threat ID


Article ID: 286326


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


To reopen alerts closed by threat ID


  • Carbon Black Cloud Console: August '23 Release (1.17) and Higher


  1. In the Console, navigate to the Alerts page.
  2. Set Group by: None at the top of the page.
  3. Filter by Workflow: Closed on the left-hand side of the page
  4. From the desired Alert, open the row's side panel.
  5. Click the Actions dropdown menu and click Open Alert.
  6. From the Open Alert window, fill out the desired information.
  7. Use the Note field to outline the reason for opening the Alert (or all future Alerts, if applicable), to aid other Console users.
  8. In the Manage Related Alerts section, choose whether to:
  • Open all existing alerts with the same threat ID
  • Automatically open all future alerts with the same threat ID or Maintain current auto-closure rules
  1.  Click Open Alert

Additional Information

  • In the Manage Related Alerts section there is a View Alerts option to view all alerts with the same threat ID.
  • The workflow status of the alert changes to Open.
  • The change is recorded in the Alert ID History pane. Use the Alert ID History pane to view all previous changes to the workflow status of the alert.
  • Alerts can also be opened by checking the box to select the desired Alert(s), then use the Take Action > Close Alerts button.
  • Multiple alerts with different threat IDs can be opened at once, and a choice can be made to manage related alerts for all of the associated threat IDs.
  • Opening an alert is not instantaneous; there is a time delay of less than five minutes.