Endpoint Standard: What is the mapping between malware type of alerts on the dashboard and those shown in the SIEM API

Article ID: 287466

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

This article gives the relationship between the malware-type alert categories shown in the Dashboard and the corresponding values in the SIEM API output, so that customers can set up customized connector log filters.

Environment

  • Carbon Black Cloud (formerly PCS): All versions
    • Endpoint Standard (formerly Cb Defense)

Resolution

The relationship between the "threatCategory" value in SIEM/JSON logs and the category shown in the dashboard (Console type) is:

  • KNOWN_MALWARE => Malware
  • RISKY_PROGRAM => PUPs
  • NEW_MALWARE => Potential Malware
  • NON_MALWARE => Non-malware
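The following is an added example of how a connector-side filter could apply this mapping; it is not code from the article or from Carbon Black. It assumes the SIEM connector emits one JSON object per line with a top-level "threatCategory" field (the only field taken from the article); the "deviceName" field and all sample values are constructed placeholders. Alerts with a missing or unlisted threatCategory, and lines that are not valid JSON, are set aside rather than silently dropped, so a filter tuned to the dashboard labels never hides records the mapping does not cover.

```python
import json

# Mapping published in the article: SIEM/JSON "threatCategory" => Console type.
THREAT_CATEGORY_TO_CONSOLE = {
    "KNOWN_MALWARE": "Malware",
    "RISKY_PROGRAM": "PUPs",
    "NEW_MALWARE": "Potential Malware",
    "NON_MALWARE": "Non-malware",
}


def console_type(alert):
    """Return the dashboard (Console) label for one parsed alert, or None
    when threatCategory is absent or not in the published mapping."""
    return THREAT_CATEGORY_TO_CONSOLE.get(alert.get("threatCategory"))


def filter_alerts(json_lines, wanted_console_types):
    """Keep alerts whose Console label is in wanted_console_types.

    Returns (kept, unknown): 'kept' holds parsed alerts that matched,
    'unknown' holds raw lines that were unparseable or carried a
    threatCategory outside the mapping, so they can be reviewed instead
    of being lost by the filter.
    """
    kept, unknown = [], []
    for line in json_lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            unknown.append(line)
            continue
        label = console_type(alert)
        if label is None:
            unknown.append(line)
        elif label in wanted_console_types:
            kept.append(alert)
    return kept, unknown


# Constructed sample lines (not real Carbon Black output). Only the
# threatCategory values follow the article; "deviceName" is a placeholder.
SAMPLE_LINES = [
    '{"threatCategory": "KNOWN_MALWARE", "deviceName": "host-01"}',
    '{"threatCategory": "RISKY_PROGRAM", "deviceName": "host-02"}',
    '{"threatCategory": "NEW_MALWARE", "deviceName": "host-03"}',
    '{"threatCategory": "NON_MALWARE", "deviceName": "host-04"}',
    '{"threatCategory": "SOMETHING_ELSE", "deviceName": "host-05"}',
    "not json at all",
]

if __name__ == "__main__":
    # Example: forward only what the dashboard calls Malware or Potential Malware.
    kept, unknown = filter_alerts(SAMPLE_LINES, {"Malware", "Potential Malware"})
    for alert in kept:
        print(console_type(alert), alert["deviceName"])
    print("set aside for review:", len(unknown))
```

Selecting by the dashboard label rather than by the raw threatCategory string keeps the connector filter readable to whoever works from the Console, while the "unknown" bucket makes any future category value visible instead of being dropped.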