Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Tune watchlists at the report and IOC levels
Environment
Enterprise EDR (Formerly CB ThreatHunter) Console: All Versions
Resolution
On the Watchlists page, select a watchlist
To tune at the report level, click the Reports tab, select a report, then click Take Action to:
Include or exclude a report from detection (Disable/Enable)
Remove a report from a watchlist (Remove)
To tune at the IOC level, click the Name of the report, select an IOC, then click Take Action to include or exclude an IOC from detection (Disable/Enable)