Enterprise EDR: How to add Tags to new Threat Report
search cancel

Enterprise EDR: How to add Tags to new Threat Report


Article ID: 289599


Updated On:


Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


Provide steps to add Tags to a new Threat Report for a Watchlist


  • Carbon Black Cloud Console: All Versions
    • Enterprise EDR (was CB ThreatHunter)


  1. Go to Investigate page
  2. Enter search terms to find desired processes/events
  3. Click 'Add search to threat report' link (below search button/magnifying glass icon)
  4. After 'Add Query' modal appears, select existing Watchlist from dropdown (may also create new Watchlist)
  5. Click 'Add new' to create new Threat Report
  6. Enter Name* and select desired Severity** (add Description as desired)
  7. Enter one or more words to be used as Tags, clicking or pressing enter after each Tag
  8. Click Save button
*: required field
**: required field, default value is 5

Additional Information

  • Tags on existing Threat Reports can only be edited via API¬†and not via the Console
  • Must click/press enter key after each tag, even when entering a single word
  • Adding one or more words without pressing enter before saving the Threat Report will result in the report being added without Tags