This section provides answers to the frequently asked questions about the Carbon Black Managed Detection and Response communication process.

What kind of communication can I expect?

The Carbon Black Managed Detection and Response team analyzes Carbon Black analytics alerts of severity level 5 and higher from the Carbon Black Cloud Endpoint Standard product. Alerts of severity level 8 or higher have an SLO of two hours. Alerts of severity level 5-7 are handled on a best-effort basis.

You receive notifications through email for alerts you can act on, typically due to potential threats.

For any actionable alert, an analyst sends an email to the identified points of contact within your organization. In cases of major incidents, your CSM and sales team are also notified to ensure timely communication about the incident.

If Carbon Black Managed Detection and Response cannot reach you by email, the Carbon Black Managed Detection and Response team reaches out to your CSM and sales team.

For Carbon Black Managed Detection and Response, emails contain a two-way communication feature between your organization and the Carbon Black Managed Detection and Response team. You can respond to the initial alert email to begin two-way communication.
Note: Responses sent in daily summary emails are not received by the Carbon Black Managed Detection and Response team.

Carbon Black Managed Detection and Response emails include IOCs, such as registry edits, hashes, IP addresses, and root causes if they are known. Emails also include initial remediation action and applicable policy recommendations. These are:

  • True positive alerts.
  • Better policy tuning.
  • Alert response notifications by email.
  • For Carbon Black Managed Detection and Response customers:
    • The action taken by analysts.
    • The team can potentially provide advice on the overall network environment. However, analysts do not have access to additional networking tools.
   
What is considered an actionable alert?

An actionable alert is an alert that you can act on. Typically, actionable alerts are likely threats to your environment. Carbon Black Managed Detection and Response provides recommendations and instructions for deleting malicious, suspicious, or unwanted files from your device.

Can I directly contact the Carbon Black Managed Detection and Response team?

The only direct contact available between a Carbon Black Managed Detection and Response customer and the Carbon Black Managed Detection and Response team is through a two-way communication initiated by an incident email. Responses sent in daily summaries are not received by the team. If the customer does not have the Carbon Black Managed Detection and Response product, no direct communication is available.

To contact the team outside of an active incident investigation, contact your CSM. CSMs can then reach out to the Carbon Black Managed Detection and Response team for answers to your questions.

Note: Carbon Black Managed Detection and Response only provides emails. If you want to receive text message alerts or calls, you must configure email forwarding to your mobile carrier using the carrier's email-to-text feature or a third-party solution.