Note: When using the Mark all commands, be sure that you want to change all of the alerts matching the current filter and search, including those on other pages that are not displayed. Once you change the status, there is no “undo” command. Be especially careful about changing alert statuses when the view is unfiltered (i.e., showing all alerts).
Chapter 14: Console and Email Alerts (Cb Response User Guide)

4. Click OK in the confirmation window to change the status of the selected alert.

Ignoring Future Events for False Positive Alerts

Feeds use a variety of criteria to determine if a file or event is a threat, and you might not agree with all of the alerts generated by certain feeds. When you review alerts and determine that an alert is not reporting an actual threat, you can mark that alert as a “false positive”, so you can eliminate it from the list of alerts that require your attention.

Cb Response also provides a feature that allows you to ignore future instances of a false positive alert from a threat feed. You can choose to ignore an individual alert or specify that all alerts matching your search criteria be ignored in the future.

To ignore the triggering event for an alert:

1. Choose Detect > Triage Alerts on the Cb Response console menu.
2. In the Alerts table, select the checkbox to the left of the alert with the triggering event you want to ignore.
3. Click the False Positive button.
4. In the Mark All as Resolved False Positive window, you can ignore future events from this report by moving the slider button to Yes.

Note: Keep in mind that alerts with statuses that you change will disappear from the current view if you have filtered the page for a different status.

Note: Only threat feed alerts can be designated as alerts to ignore. Alerts from watchlist matches are always triggered, since watchlists are assumed to use criteria specifically chosen by one or more of your Cb Response users.
5. To resolve the alert and ignore future events from it, click the Resolve button.

Marking events from multiple alerts to be ignored involves searching for the alerts you want to ignore, confirming that the results are what you expect, and then making a bulk resolution.

Enabling Email Alerts

You can enable email alerts to report events that trigger watchlist and threat intelligence feed alerts. This feature informs you of events of interest, even when you are not logged into the Cb Response console. If an event is significant enough, you can then go to the console to investigate and resolve it. The email alerts feature is enabled on a per-console user basis.

Configuring an Email Server

Before enabling email alerts for specific watchlists or feeds, you should decide which email server to use. You can:

  • Use your own mail server.