Closing Future Alerts (SOAR Action in ServiceNow)

You can close future alerts based on the selected alert Threat ID by using the Close All Future Alerts SOAR action.

This action can be run from an alert. It can be run on multiple alerts at the same time.
Upon successful execution, a note is added in the Alerts section in Carbon Black Cloud stating Threat was closed with the comment: <comment>.
Future alerts that have the same threat will be closed and alerts will not be generated for the same Threat ID.
If this action is performed multiple times on the same alerts, a new note will be appended in Carbon Black Cloud.