Carbon Black determines the eligibility of an alert based on whether it is a likely threat.
The Carbon Black determination is separate from your own optional determination of an alert as a true or false positive.
Determination | Description |
---|---|
Likely threat | An MDR analyst has triaged the alert and found evidence of a credible threat to your environment. Analysts will typically include in the alert a comment describing their alert investigation findings, actions taken, and any recommendations for next steps. |
Unlikely threat | An MDR analyst has triaged the alert and found no evidence of a credible threat to your environment. |
Not enough information | An MDR analyst has triaged the alert but did not have enough information to identify whether it was a likely or unlikely threat. Analysts will typically include a comment in the alert that describes what additional information is required. |
No determination | The alert does not have a determination yet. Most alerts are reviewed in under 2 hours. |
Not reviewed | MDR was not able to review the alert. No further action will be taken by the MDR team. |
Note: You will only receive notifications for Likely Threat determinations. If you see an Unlikely Threat determination, it is usually because you started with a Likely Threat or Not enough information determination that changed to Unlikely Threat following additional investigation or MDR analyst communications.