Carbon Black Cloud: Why Does an Alert Description Differ Between Console and Email Notification?
Article ID: 290202
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Why does the description for an alert differ from an email notification to the web console?
Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard Sensor: All Supported Versions
- Windows: All Supported Versions
- MacOS: All Supported Versions
Resolution
If a notification is sent on an alert that meets the criteria( for example, "Threat" >= 5), and another alert happens later that analytics bundles with the same threat, The description of the threat is updated in the web console to reflect the latest/most severe activity, but the back end doesn't send out an additional email.
Additional Information
Analytics intentionally groups many alerts, in the same time window, on the same device into a single threat for the customer. Whenever an alert description is updated, additional emails are not sent. This is intended behavior to reduce notification noise for the customer.
Feedback
Yes
No
Powered by
