Carbon Black Cloud: What Does Dismissing a Group of Alerts do?
Article ID: 289317
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What happens when an Alert is dismissed with Group Alerts on?
Environment
- Carbon Black Cloud Console: All Versions
Resolution
When Group Alerts is turned on, all Events associated with that ThreatID are dismissed.
Additional Information
- If all future instances are dismissed, only those with the same ThreatID will be dismissed.
- The analytics engine builds an identifier or "cause" called a ThreatID based on factors including both the application and the behavior of the application.
- Threats with the same "cause" are grouped together on the Alerts pages (All Alerts, Preventions, Detections).
- It will not dismiss any other actions done by the same file unless they are also tied to the same ThreatID.
Feedback
Yes
No
Powered by
