August 10, 2023

Alert Revamp: New Data & Improved Usability

While a distributed digital landscape has bred new opportunities for business, it also gives rise to new cyber challenges. Endpoints remain a key attack vector for malicious actors seeking deeper access to your network.

While a distributed digital landscape has bred new opportunities for business, it also gives rise to new cyber challenges. Endpoints remain a key attack vector for malicious actors seeking deeper access to your network.

In addition to the volume of said attacks they also continue to increase rapidly in sophistication. This, coupled with a shortage of highly skilled security analysts, further puts businesses at risk. This shortage of security experts, combined with the overwhelming volume of data that needs to be processed, can lead to alert fatigue which can then lead to missed opportunities to stop attacks early.

Focused on this problem, VMware Carbon Black is excited to announce some significant enhancements to our Alerts experience. You asked. We listened. These product features will be available within the next week or so.

These enhancements include:

  • Introduction of new alert metadata such as process command line and username, parent and child process information, netconn data, additional device fields, MITRE categorization where available, and more.
  • New customizable alert facets and table columns.
  • Easier management and consumption of grouped alerts in an improved group by ThreatID view.
  • In-product alert workflow management - allowing you to mark alerts as “In Progress” and help you better manage alert triage across your SOC team.
  • Ability to classify alerts as True Positive or False Positive.
  • Better note management with the ability to add notes to both individual alerts as well as threats (alerts grouped by ThreatID).
  • Enhanced Alert History visibility which shows a history of all alert state transitions (ie. Open -> In Progress), comments, determination, closure information, and other items.

These enhancements will improve alert triage in the VMware Carbon Black Cloud and allow for easier management and consumption of alerts. Helping prevent alert fatigue, so security analysts can focus on what matters most.

Stay tuned for the detailed release notes that will be posted on August 16th as well as the new Alerts Experience videos that will be available in the coming days.

Filter Tags

Blog Document

Sowmya Jayakirthi

Read More from the Author

Content Marketing Manager Hello, I'm Sowmya Jayakirthi, a seasoned professional with an impressive 17 year track record in the field of technical writing. With expertise in creating clear and concise documentation, and has effectively communicated complex concepts to diverse audiences. In addition, I bring in a year of experience as a content strategist, leveraging my strategic mindset to develop impactful content strategies. My passion is to deliver high-quality technical content and drive effective content strategies for Carbon Black Tech Zone.

VIEW MORE

Alisha Smith

Read More from the Author

Senior Product Marketing Manager