Group alerts to view similar alerts occurring across multiple endpoints in a single row.
Note: By default, alerts are automatically set to Group by: None.
In the Group By: None view, all alerts are displayed individually in a single alert row, even if an alert is seen on multiple devices.
This view lets you assess the priority of each alert and decide when action needs to be taken on an individual alert.
Use the Group By drop-down menu in the top right of the table to group all alerts with the same threat ID. See: Group By: Threat ID.
Note: For Carbon Black Cloud Managed Threat Hunting customers only, the Carbon Black Managed Detection and Response badge and the Carbon Black Managed Detection and Response triage column are not available in the grouped alerts view.
Type/Reason Column
The Type/Reason column shows the threat ID of the alert and explains why the alert was created.
Threat ID groups include:
- Watchlist
- CB Analytics
- USB
- Host-Based Firewall
- Containers Runtime
- IDS
Workflow Column
The Workflow column indicates whether an alert is open or closed.
Click the status of the alert in the Workflow column to view:
- The Alert ID
- The user that updated the workflow status and the timestamp
Note: The Workflow column is only interactive for a single alert. You cannot click the workflow status of grouped alerts.