Endpoint Standard: Are Alerts based on MITRE TTPs?
Article ID: 290097
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb ThreatHunter)
Issue/Introduction
Do the MITRE ATT&CK framework TTPs added earlier in 2020 trigger Alerts on their own with respect to Enriched Events?
Environment
Carbon Black Cloud Console: February 18, 2020 Release and Higher (0.52.0 backend)
Endpoint Standard (was CB Defense)
Resolution
No. At this time the MITRE ATT&CK framework TTPs are primarily informational and will not generate, or be the cause of, an Endpoint Standard Alert.
Additional Information
There can still be Alerts that carry no MITRE TTPs, but no MITRE TTP generates an Alert on its own.
Any TTP can be added to an Alert by the analytics engine based on the behavior observed by the Sensor and reported to the Cloud.