Managed Detection and MDR offer a daily summary and a monthly report.

To subscribe to reports, see Set up Managed Detection and MDR Reporting Notifications.

Daily Summary - MDR

The Daily Summary available for MDR. It is a PDF that has metrics for Likely threats and all MDR-eligible alerts from the past day. For US customers, the day is 00:00 – 23:59 EST/EDT. For AUS customers, the day is 00:00 – 23:59 AEST/AEDT. The daily summary is sent by email around 06:00 local time.

These metrics include:

  • Total alerts
  • MDR Time to Response
  • Top processes & assets
  • Comparison with the past 7 days
Note: The Daily Summary does not include a list of alerts. You can export a CSV from the Alerts page in the Carbon Black Cloud console that includes fields such as mdr_alert and mdr_determination_value.

Monthly Report - Managed Detection and MDR

The Monthly Report is available for both Managed Detection and MDR. It includes a PDF with similar metrics to the Daily Summary except that it extends over the month timeframe. It also includes asset counts broken down by operating system.

MDR analysts provide curated content called Threat Intel Notifications in the Monthly Report email body. The Threat Intel Notifications contain:

  • Analyst curated reports based on observed attacks and techniques.
  • Early warnings provided by third-party public and private threat intelligence organizations.
  • Tailored policy recommendations in accordance with new threats and techniques prior to public awareness.

Threat Hunt Reporting - MTH

MTH provides reports after every threat hunt. The email report contains the following information:

  • The name and description of the threat hunt.
  • Whether or not likely threats were discovered in your environment.
  • A link to view any discovered likely threats in the Carbon Black Cloud console.
  • Additional insights and recommendations from the MDR analyst.