Watchlist alerts still occur after selecting a False Positive determination action in the Carbon Black Cloud console.
Article ID: 370625
Products
Carbon Black Cloud Enterprise EDR (formerly CB ThreatHunter)
Issue/Introduction
Watchlist Alerts still occur after submitting False Positive determination in the Carbon Black Cloud console.
Environment
Carbon Black Cloud Console / Backend: All versions
Carbon Black Cloud Sensors: All versions
Resolution
This is normal behavior. Alert determination is not a binary on/off process but involves a Machine Learning (ML) algorithm. As such, it may take up to 30 days for ML-driven determination results to impact the alerts.
Additional Information
As a workaround, one can fine-tune the criteria of the watchlist alert so that it triggers only on more specific conditions.