Carbon Black Cloud: Can admins determine which user dismissed an alert within the console?

Article ID: 292231

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Is there a way to determine which users are dismissing alerts within the console?

Environment

  • Carbon Black Cloud Console

Resolution

1.  Go to Alert Triage.
2.  Double-click the desired alert banner, or click the arrow located on the right side of the alert banner.
3.  Check the URL for the ThreatID and copy the string.
    Example (the ThreatID is the value after selected[threat_id]=):
    https://csr-prod05.bit9.local/alerts?selected[threat_id]=9b9a37a1b781579e4beeb00af0661c71
4.  Go to Settings > Audit Log and search for the ThreatID value. The user will be listed with the dismissal entry.
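
The same lookup scripted over audit log records that have already been exported, as an added example that is not Carbon Black code. The record field names (loginName, description, eventTime), the sample log wording and the 32-character hex check are assumptions made for illustration; only the URL is taken from this article.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: ThreatIDs look like the single example in this article
# (32 hex characters). Loosen the pattern if your IDs differ.
THREAT_ID_RE = re.compile(r"^[0-9a-f]{32}$")


def threat_id_from_url(url):
    """Return the selected[threat_id] value from an Alert Triage URL."""
    # parse_qs also decodes a copied URL where the brackets became %5B / %5D.
    values = parse_qs(urlsplit(url).query).get("selected[threat_id]", [])
    if len(values) != 1:
        raise ValueError("URL must carry exactly one selected[threat_id] value")
    threat_id = values[0].strip().lower()
    if not THREAT_ID_RE.match(threat_id):
        raise ValueError("unexpected ThreatID format: %r" % threat_id)
    return threat_id


def entries_for_threat(records, threat_id):
    """Return (user, time, description) for every record mentioning the ID."""
    hits = []
    for rec in records:
        # Search every field, because the ID may sit in any of them.
        text = " ".join(str(v) for v in rec.values() if v is not None).lower()
        if threat_id in text:
            hits.append((rec.get("loginName"), rec.get("eventTime"),
                         rec.get("description")))
    return hits


# Constructed sample records (hypothetical field names and wording).
SAMPLE_AUDIT_LOG = [
    {"loginName": "analyst1@example.com", "eventTime": 1700000000000,
     "description": "Logged in successfully"},
    {"loginName": "analyst2@example.com", "eventTime": 1700000300000,
     "description": "Dismissed alert, threat id "
                    "9b9a37a1b781579e4beeb00af0661c71"},
    {"loginName": "analyst1@example.com", "eventTime": 1700000600000,
     "description": "Dismissed alert, threat id "
                    "00000000000000000000000000000000"},
]

if __name__ == "__main__":
    url = ("https://csr-prod05.bit9.local/alerts"
           "?selected[threat_id]=9b9a37a1b781579e4beeb00af0661c71")
    for user, when, desc in entries_for_threat(SAMPLE_AUDIT_LOG,
                                               threat_id_from_url(url)):
        print(user, when, desc)
```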