Carbon Black Active Threat Detected

Carbon Black Active Threat Detected

Configuration

query

device_vendor:CarbonBlack AND deviceAction:Alert AND event_class_id:Active_Threat

config

Key | Value — | — type | aggregation-v1 query | device_vendor:CarbonBlack AND deviceAction:Alert AND event_class_id:Active_Threat streams | [5f74fe0891d2ba1b645adb8d] conditions | {expression:null} search_within_ms | 1800000 execute_every_ms | 1800000

Last modified November 2, 2024