Endpoint Standard: How Does Event Suppression Work in Mac Sensors?
Article ID: 290551
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
How does the sensor suppress events in order to reduce event noise?
Environment
- Endpoint Standard Sensor: All Supported Versions
- Carbon Black Cloud: All Supported Versions
- Apple macOS: All Supported Versions
Resolution
- To avoid excessive traffic, the repetitive, similar, events are suppressed, not reported to the cloud.
- The suppression interval for process creation events is six hours.
Feedback
Yes
No
Powered by
