During alert triage, you can investigate an alert and take action to address it.
Important: If the Alert Triage page displays "no data," the system may still be gathering data in the background. Please be patient; it may take several minutes to populate the page depending on the quantity of new alerts. Refreshing the page after a brief wait may resolve the issue. (This is a known issue that will be resolved in the near future.)
- Click Investigate to open the Investigate page, where you can view and analyze the events that triggered an alert.
- Click the orange Take Action button to:
  - Add to approved list
  - Add to banned list
  - Request upload
  - Delete application
- On the Alert Details pane, view the observations that triggered an alert.
Note: Host-Based Firewall and IDS alerts contain a maximum of 100 observations. Beyond 100, Carbon Black Cloud suppresses additional duplicate observations.