Managed Detection: How to Remove Repeat Results From Trusted Processes/Files
search cancel

Managed Detection: How to Remove Repeat Results From Trusted Processes/Files

book

Article ID: 291191

calendar_today

Updated On:

Products

Carbon Black Cloud Managed Detection (formerly Cb Threatsight)

Issue/Introduction

How do I remove repeated results in ThreatSight Reports for trusted processes? 

Environment

  • Carbon Black Cloud Console: All versions
  • Managed Detection Reports

Resolution

The values in the ThreatSight Reports are based on the Alerts ThreatSight uses for the data. By setting dismissals for Grouped Alerts in the future and possible Policy Permissions to filter out these Alerts they will not show in the ThreatSight Reports. 

Additional Information

Using Grouped Alerts for future dismissal is the best way to filter out the trusted applications not being Terminated by the Policy Rules. This still logs all the information but helps seeing the significant Events / Processes easier for review. 
Powered by Wolken Software