Endpoint Standard: Are Alerts based on MITRE TTPs?



Article ID: 290097


Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb ThreatHunter)

Issue/Introduction

Do the MITRE ATT&CK framework TTPs added earlier in 2020 trigger Alerts on their own with respect to Enriched Events?

Environment

  • Carbon Black Cloud Console: February 18, 2020 Release and Higher (0.52.0 backend)
    • Endpoint Standard (was CB Defense)

Resolution

No. At this time the MITRE ATT&CK framework TTPs are informational only: they do not generate an Endpoint Standard Alert, and they are never the cause of one being created.

Additional Information

  • An Alert can exist with no MITRE TTPs attached, and no MITRE TTP generates an Alert on its own.
  • Any TTP can be added to an Alert by the analytics engine, based on the behavior observed by the Sensor and reported to the Cloud.