During alert triage, you can investigate an alert and take action to address it.

Important: If the Alert Triage page displays "no data," the system may still be gathering data in the background. Please be patient; it may take several minutes to populate the page depending on the quantity of new alerts. Refreshing the page after a brief wait may resolve the issue. (This is a known issue that will be resolved in the near future.)
  • Click Investigate to open the Investigate page, where you can view and analyze the observations that triggered the alert.
  • Click the orange Take Action button to:
    • Add to approved list
    • Add to banned list
    • Request upload
    • Find in VirusTotal
    • Delete application
  • In the Alert Details pane, view the observations that triggered the alert.
    Note: Host-Based Firewall and IDS alerts contain a maximum of 100 observations. Beyond 100, Carbon Black Cloud suppresses additional duplicate observations.