Enterprise EDR: Watchlist Alert ID does not match Alert ID on Investigate page

Enterprise EDR: Watchlist Alert ID does not match Alert ID on Investigate page

search cancel

Enterprise EDR: Watchlist Alert ID does not match Alert ID on Investigate page

book

Article ID: 290626

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Watchlist Alert IDs display the following format on the Alerts page:
- {ORG_KEY}-00e23c7b-000013b4-00000000-1d5df61ab230d55-CFnKBKLTv6hUkBGFobRdg-565577
Investigating a Watchlist Alert from the Alerts page will populate an Alert ID on the Investigate page in a similar format as below:
- 2DC13D9D9EFEEC70B30D51CC7F1E3E97

Environment

Enterprise EDR Web Console: All Versions

Cause

The cause of this behavior is due to the architecture of the product in its current state

Resolution

VMware Carbon Black engineering is investigating a possible resolution to align Watchlist Alert IDs on the Alert and Investigate pages

Feedback

thumb_up Yes

thumb_down No