Endpoint Standard: More than 1 Alert generated from 1 Event

Article ID: 288686

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • 2 Alerts are generated for the same Event ID

Environment

  • Carbon Black Cloud Console

Cause

  • This is expected behavior and working as designed

Resolution

  • This is expected behavior and working as designed

Additional Information

  • The 2 Alerts generated from the same Event ID come from different detection techniques
  • One Alert is generated from Hash detection, such as when a Hash with Known Malware Reputation is detected by the Sensor
  • One Alert is generated from Behavior detection, when the actions involved with the Hash are detected by the Sensor