Carbon Black Cloud: Why Does the Alert Severity in the Console Not Match the Alert Severity in the SIEM?

Carbon Black Cloud: Why Does the Alert Severity in the Console Not Match the Alert Severity in the SIEM?

search cancel

Carbon Black Cloud: Why Does the Alert Severity in the Console Not Match the Alert Severity in the SIEM?

book

Article ID: 291449

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why does the Alert severity in the console not match the severity for the same Alerts sent to the SIEM?

Environment

Carbon Black Cloud Console: All Versions

Resolution

The Alert severity in the console can change as new events are added to it
If the Alert severity changes the new severity will not be sent to the SIEM

Additional Information

This is currently as designed. To request this behavior changed a feature request can be submitted
This behavior will also prevent any new events added to the alert from being sent after the SIEM pulls the related events the first time
This is for when using notifications to push alerts/events to a SIEM

Feedback

thumb_up Yes

thumb_down No