Suspicious or threatening activity is reported through Saved Views on the console Events page and the Files pages.
Check these views periodically as part of your threat monitoring activity. In addition to providing information, monitoring these threat reports also helps you take actions to improve reporting and remediate threats:
- Create Indicator Set Exceptions – If you see specific threat-related events that you do not want reported, you can create Indicator Set Exceptions to eliminate reporting of those events. See Indicator Set Exceptions.
- Disable Indicator Sets – If you determine that a particular Indicator Set always reports events that are not of interest, you can disable the Indicator Set. See Indicator Sets for Threat Detection.
- Enable Indicator Sets – If you have not enabled all Indicator Sets and you think that certain critical activity is not being reported, see whether the disabled Indicator Sets would report that activity. See Indicator Sets for Threat Detection.
- Create Alerts – If you see detection-related events that you consider high priority, consider creating alerts for those events. See Threat-Related Alerts.
- Remediate Threats – As you monitor threats, you can see events that require remediation. This remediation might involve actions taken outside of Carbon Black App Control, creation of Carbon Black App Control rules, or some combination of the two. See Responding to Threats.