Recommendations are available in the Carbon Black Cloud Endpoint Standard product and assist you in tuning your console and optimizing your environment. The Carbon Black Cloud prioritizes suggested recommendations based on the impact and relevance they have on your organization's environments. It allows you to review these recommended actions further before accepting and implementing them.
After you accept a recommendation, the Carbon Black Cloud applies it, and adds it to a reputation approved list.
- The New tab holds the latest recommendations for your organization. Here you decide to accept or reject a recommendation.
- The Review tab lists all recommendations that you already accepted or rejected.
You can view recommendations in thepanel as well.
You are presented with up to 10 recommendations per day with new recommendations being updated daily. The recommendations that are not reviewed expire in 30 days.
- Recommendation type.
- The approximate number of blocked events in your organization over the past 30 days.
- The approximate number of devices in your organization impacted by these events.
- Links to the Investigate page where you can see sensor events and devices related to that recommendation.
- If you enable Carbon Black Cloud Enterprise EDR, you can view binary details for the SHA-256.
Any actions you perform within the Recommendations page and actions related to recommendations in the Reputation page are logged into the Audit Log page. These actions can include accepting and rejecting a recommendation, adding hashes, and IT tools to the approved list, or removing them from the approved list.
For more information on reputations, see Manage Reputations.
To access the audit log content in the Carbon Black Cloud console, navigate to the page, and search for recommendation. You can export the filtered recommendations into a .csv file through the download icon .
For more information, see Audit Logs.