EDR: Why Does An Alert For An IOC Trigger For Only One Endpoint When Multiple Endpoints Are Affected?



Article ID: 287291


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Why does an alert for an IOC trigger for one endpoint when multiple endpoints are affected?

Environment

  • EDR Server: 7.5.0 and Higher

Resolution

Only one alert is raised per IOC match, so that the Triage Alerts page of the EDR UI is not cluttered with duplicates of the same alert. A page full of duplicates would increase the chance that a more significant alert is missed.

Additional Information

The other endpoints on which the IOC matched are not listed on the Triage Alerts page; they can be found in the details of the matching process on the Process Analysis page.
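The trade-off the article describes, shown as an added example rather than Carbon Black EDR's own code or data model: collapsing alerts to one row per IOC keeps the triage view readable, but only if the per-endpoint hits are kept somewhere an analyst can reach (in the EDR, the process details). The records, field names (hostname, ioc_id, process_md5, start) and the function names are all constructed for this example and are not the EDR's schema or API.

```python
"""Added example: one triage row per IOC, with the affected endpoints
kept alongside it instead of being dropped.  Not Carbon Black EDR code;
the records and field names below are constructed assumptions."""

# Constructed process hits: three endpoints matched the same IOC and one
# endpoint matched a second IOC.  Field names are assumptions.
PROCESS_HITS = [
    {"hostname": "WS-001", "ioc_id": "feed:bad_md5", "process_md5": "0" * 32,
     "start": "2024-03-01T10:00:00Z"},
    {"hostname": "WS-002", "ioc_id": "feed:bad_md5", "process_md5": "0" * 32,
     "start": "2024-03-01T10:02:00Z"},
    {"hostname": "WS-003", "ioc_id": "feed:bad_md5", "process_md5": "0" * 32,
     "start": "2024-03-01T10:05:00Z"},
    {"hostname": "WS-002", "ioc_id": "feed:bad_domain", "process_md5": "1" * 32,
     "start": "2024-03-01T11:00:00Z"},
]


def fan_out_alerts(hits):
    """Naive behaviour: one triage row per hit.  Four rows for the sample,
    three of which repeat the same IOC and bury anything else on the page."""
    return [{"ioc_id": h["ioc_id"], "hostname": h["hostname"]} for h in hits]


def dedupe_alerts(hits):
    """One triage row per IOC (the behaviour the article describes), but
    the full set of affected endpoints and the earliest hit are retained on
    the row so collapsing duplicates does not lose them."""
    by_ioc = {}
    for h in hits:
        row = by_ioc.setdefault(
            h["ioc_id"],
            {"ioc_id": h["ioc_id"], "first_seen": h["start"], "hosts": set()},
        )
        row["hosts"].add(h["hostname"])
        # ISO-8601 UTC timestamps sort lexically, so min() gives the earliest.
        row["first_seen"] = min(row["first_seen"], h["start"])
    return [
        {"ioc_id": r["ioc_id"], "first_seen": r["first_seen"],
         "affected_hosts": sorted(r["hosts"])}
        for r in by_ioc.values()
    ]


def hosts_for_ioc(hits, ioc_id):
    """The lookup an analyst performs from the single alert: every endpoint
    whose process matched this IOC, not just the one named on the alert."""
    return sorted({h["hostname"] for h in hits if h["ioc_id"] == ioc_id})


if __name__ == "__main__":
    print("fan-out rows:", len(fan_out_alerts(PROCESS_HITS)))
    for row in dedupe_alerts(PROCESS_HITS):
        print(row["ioc_id"], "first seen", row["first_seen"],
              "on", ", ".join(row["affected_hosts"]))
```

The point for triage: when a single alert names one endpoint, treat that as the first or representative hit and enumerate the rest from the process-level data before scoping the incident, because the alert count alone understates how many hosts are affected.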