After you have configured an email server, any watchlist or feed can be configured to send email alerts when it gets a hit on a Carbon Black EDR sensor.
You can turn on/off email alerts for individual watchlists and feeds as needed (for example, if you find that a watchlist or feed is creating too much email traffic). Email alerts for any specific watchlist or feed are enabled on a per-user basis.
Note: If you have upgraded from a previous release of
Carbon Black EDR, any email alerts that you had enabled for watchlists and threat intelligence feeds remain enabled after the upgrade.
Enable Email Alerts for a Watchlist
Perform the following procedure to enable email alerts for a watchlist.
Procedure
- On the navigation bar, click Watchlists.
- Select the watchlist for which to enable email alerts. If the watchlist name is not visible or you are not sure what the name is, use the Search field.
- Confirm that the watchlist is enabled.
- Check the Email Me check box.
Enable Email Alerts for a Threat Intelligence Feed
Perform the following procedure to enable email alerts for a Threat Intelligence feed.
Procedure
- On the navigation bar, click Threat Intelligence.
- To activate email alerts for a feed, select the Email Me on Hit check box.
