CB Defense: TTPs are missing from Alert Notifications
Article ID: 290391
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
TTPs are missing from Alert Notifications
Environment
CB Defense PSC Console: All Versions
Cause
- The notification service only sends one set of data out for an alert
- Its possible that new events may be added after the alert is generated, and this will add additional TTPs to the Alert
- If an alert is modified by the backend after the notification service sends data, the Connector / Email won't have the new alert info
Resolution
- This is a limitation of the notification service
- If the notification service waits until all possible events are added to an Alert, then notification delays would be observed, so currently notifications are sent immediately when an Alert is generated
Feedback
Yes
No
Powered by
