How to tune watchlists
search cancel

How to tune watchlists

book

Article ID: 290654

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Tune watchlists at the report and IOC levels

Environment

  • Enterprise EDR (Formerly CB ThreatHunter) Console: All Versions

Resolution

  1. On the Watchlists page, select a watchlist
  • To tune at the report level, click the Reports tab, select a report, then click Take Action to:
    • Include or exclude a report from detection (Disable/Enable)
    • Remove a report from a watchlist (Remove)
  • To tune at the IOC level, click the Name of the report, select an IOC, then click Take Action to include or exclude an IOC from detection (Disable/Enable)