Endpoint Standard: Are Alerts based on MITRE TTPs?


Article ID: 290097




  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb ThreatHunter)


Do the MITRE ATT&CK framework TTPs added earlier in 2020 trigger Alerts on their own with respect to Enriched Events?


  • Carbon Black Cloud Console: February 18, 2020 Release and Higher (0.52.0 backend)
    • Endpoint Standard (was CB Defense)


No. At this time the MITRE ATT&CK framework TTPs are primarily added information: they do not generate, and are not the cause of, an Endpoint Standard Alert.

Additional Information

  • There can still be Alerts with no MITRE TTPs, but no MITRE TTPs generate Alerts on their own
  • Any TTP can be added to an Alert by the analytics engine based on the behavior observed by the Sensor and reported to the Cloud