Carbon Black Cloud: How to filter alerts involving USB or any other removable media as threat vector
Article ID: 290734
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
How to filter alerts where the threat vector is removable media
Environment
Carbon Black Cloud (formerly PSC) Sensor: All Versions
Audit & Remediation (was CB LiveOps)
Endpoint Standard (was CB Defense)
Enterprise EDR (was CB ThreatHunter)
Managed Detection (was CB ThreatSight)
Resolution
These alerts can be found in either of the following two ways:
1. Run the search query below on the Alerts page:
threat_vector: REMOVABLE_MEDIA
2. Navigate to Dashboard > "Attacks By Vector" and click Removable Media.
Additional Information
For alerts related to USB or other removable media, "Vector: REMOVABLE_MEDIA" is shown as the Alert Origin under "Alert Origin, Behavior, Notes and Tags" on the Alerts Triage page.