Enterprise EDR: How to add Tags to new Threat Report
search cancel

Enterprise EDR: How to add Tags to new Threat Report

book

Article ID: 289599

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Provide steps to add Tags to a new Threat Report for a Watchlist

Environment

  • Carbon Black Cloud Console: All Versions
    • Enterprise EDR (was CB ThreatHunter)

Resolution

  1. Go to Investigate page
  2. Enter search terms to find desired processes/events
  3. Click 'Add search to threat report' link (below search button/magnifying glass icon)
  4. After 'Add Query' modal appears, select existing Watchlist from dropdown (may also create new Watchlist)
  5. Click 'Add new' to create new Threat Report
  6. Enter Name* and select desired Severity** (add Description as desired)
  7. Enter one or more words to be used as Tags, clicking or pressing enter after each Tag
  8. Click Save button
*: required field
**: required field, default value is 5

Additional Information

  • Tags on existing Threat Reports can only be edited via API¬†and not via the Console
  • Must click/press enter key after each tag, even when entering a single word
  • Adding one or more words without pressing enter before saving the Threat Report will result in the report being added without Tags