Generate a Test Alert For SIEM Ingestion

Article ID: 389235

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Workload
  • Carbon Black Cloud Prevention

Issue/Introduction

Generate an alert to test SIEM ingestion.

Environment

  • Carbon Black Cloud Sensor: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Create a Blocking and Isolation Rule to block an executable at a particular path. Example:
    c:\users\downloads\EnterCustomFolderNameHere\*.exe > runs or is running > Terminate
  2. Place an executable in that path, and then attempt to execute it.
  3. An alert for the block will appear in the console.
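
Step 2 can be scripted on the test endpoint so that the attempt leaves a timestamp and file hash to match against the event that reaches the SIEM. The script below is an added example, not part of the original article or a Carbon Black tool; the use of whoami.exe as a harmless test binary, the file name siem-test.exe, the parameter names and the output fields are all assumptions.

```powershell
# Added example: automates step 2 of the procedure on a test endpoint.
# Assumptions (not from the article): whoami.exe as the harmless test binary,
# the siem-test.exe file name, the parameter names and the output fields.
param(
    # Must match the folder used in the Blocking and Isolation rule.
    [string]$TestFolder = 'C:\users\downloads\EnterCustomFolderNameHere',
    [string]$SourceExe  = "$env:SystemRoot\System32\whoami.exe"
)

$ErrorActionPreference = 'Stop'

# Stage a copy of a benign system binary inside the blocked path.
New-Item -ItemType Directory -Path $TestFolder -Force | Out-Null
$target = Join-Path $TestFolder 'siem-test.exe'
Copy-Item -Path $SourceExe -Destination $target -Force

# Record what the SIEM event should contain so it can be matched later.
$sha256  = (Get-FileHash -Path $target -Algorithm SHA256).Hash
$started = (Get-Date).ToUniversalTime().ToString('o')

# Attempt execution. A block can surface either as a launch failure
# (exception) or as a process that starts and is then terminated.
$outcome  = 'ran-to-completion'
$exitCode = $null
try {
    $proc = Start-Process -FilePath $target -PassThru -Wait -WindowStyle Hidden
    $exitCode = $proc.ExitCode
    if ($exitCode -ne 0) { $outcome = 'terminated-or-failed' }
} catch {
    $outcome = "launch-denied: $($_.Exception.Message)"
}

# Summary to compare with the alert in the console and the SIEM record.
[pscustomobject]@{
    Host       = $env:COMPUTERNAME
    Path       = $target
    Sha256     = $sha256
    AttemptUtc = $started
    ExitCode   = $exitCode
    Outcome    = $outcome
} | Format-List

if ($outcome -eq 'ran-to-completion') {
    Write-Warning "Executable was not blocked; check that the rule path matches $TestFolder."
}
```

Search the SIEM for the recorded host, path and hash around the AttemptUtc value to confirm the alert was ingested.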