Carbon Black Cloud: Grouped Alerts are sorted by First Seen date of the first instance
search cancel

Carbon Black Cloud: Grouped Alerts are sorted by First Seen date of the first instance

book

Article ID: 289642

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Recent Alerts do not impact the Sort Order when "Group Alerts" is toggled on the Alerts Page

Environment

  • Carbon Black Cloud Console: All Supported Versions
    • Endpoint Standard (Formerly CB Defense)
    • Enterprise EDR (Formerly CB ThreatHunter)

Cause

The default search is sorted by the "First Seen" date of the threat_id, which is used to Group Alerts

Resolution

Untoggle "Group Alerts" to ensure that you see the latest instances of Alerts

Additional Information

A future UI Enhancement will correct this behavior.
Powered by Wolken Software