CB Analytics Alert Message is Different From Graph in Alert Triage
Article ID: 430453
Products
Carbon Black Cloud Endpoint Standard
Issue/Introduction
- An alert can be made up of a collection of related behaviors that occur around the same time
Environment
- Carbon Black Cloud: All Supported Versions
- Carbon Black Cloud Sensor: 4.0.3 and Below
Cause
- Sensor versions 4.0.3 and below use some data that is no longer used by the alert logic
- This alert logic causes some alerts to present low-confidence data as the alert event
Resolution
- Upgrade to sensor 4.1 and above
- If the sensor cannot be upgraded, the event data is still available in the alert and can be used for triage