Enterprise EDR: How to add Tags to new Threat Report
Article ID: 289599
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Steps to add Tags to a new Threat Report for a Watchlist.
Environment
- Carbon Black Cloud Console: All Versions
- Enterprise EDR (was CB ThreatHunter)
Resolution
- Go to the Investigate page
- Enter search terms to find the desired processes/events
- Click the 'Add search to threat report' link (below the search button/magnifying glass icon)
- After the 'Add Query' modal appears, select an existing Watchlist from the dropdown (you may also create a new Watchlist)
- Click 'Add new' to create a new Threat Report
- Enter a Name* and select the desired Severity** (add a Description as desired)
- Enter one or more words to be used as Tags, clicking or pressing Enter after each Tag
- Click the Save button
*: required field
**: required field, default value is 5
Additional Information
- Tags on existing Threat Reports can only be edited via the API, not via the Console
- You must click/press the Enter key after each Tag, even when entering a single word
- Adding one or more words without pressing Enter before saving the Threat Report will result in the report being added without Tags