How to Close Alerts

Article ID: 286327

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to close/dismiss Alerts using the new workflow.

Environment

  • Carbon Black Cloud Console: August '23 Release (1.17) and Higher

Resolution

  1. In the Console, navigate to the Alerts page.
  2. Set Group by: None at the top of the page.
  3. From the desired Alert, open the row's side panel.
  4. Click the Actions dropdown menu and click Close.
  5. From the Close Alert window, fill out the desired information.
  6. In the Close As dropdown, select a reason for closing the alert:
    • Resolved
    • No reason
    • Resolved - Benign/Known good
    • Duplicate/Cleanup
    • Other
  7. Use the Note field to outline the reason for closing the Alert (or all future Alerts, if applicable), to aid other Console users.
  8. In the Manage Related Alerts section, choose whether to:
    • Close all existing Alerts with the same Threat ID.
    • Automatically close all future Alerts with the same Threat ID.
    Note: To dismiss only this single Alert, uncheck "Close all existing..." and select "No...".
  9. Click Close Alert.

Additional Information

  • Closing an Alert is the same as dismissing an Alert. The verbiage has changed as of Console version 1.17.
  • After closing, the workflow status of the Alert changes to Closed and the change is recorded in the Alert ID History pane.
  • Use the Alert ID History pane to view all previous changes to the workflow status of the Alert.
  • Under Manage Related Alerts, click View Alerts to view all Alerts with the same Threat ID.
  • You can also close Alerts by checking the box next to each desired Alert and then clicking Take Action > Close Alerts.
  • Closing an Alert is not instantaneous; there is a time delay of less than five minutes.