Alert Revamp: New Data & Improved Usability
While a distributed digital landscape has bred new opportunities for business, it also gives rise to new cyber challenges. Endpoints remain a key attack vector for malicious actors seeking deeper access to your network.
In addition to the volume of said attacks they also continue to increase rapidly in sophistication. This, coupled with a shortage of highly skilled security analysts, further puts businesses at risk. This shortage of security experts, combined with the overwhelming volume of data that needs to be processed, can lead to alert fatigue which can then lead to missed opportunities to stop attacks early.
Focused on this problem, VMware Carbon Black is excited to announce some significant enhancements to our Alerts experience. You asked. We listened. These product features will be available within the next week or so.
These enhancements include:
- Introduction of new alert metadata such as process command line and username, parent and child process information, netconn data, additional device fields, MITRE categorization where available, and more.
- New customizable alert facets and table columns.
- Easier management and consumption of grouped alerts in an improved group by ThreatID view.
- In-product alert workflow management - allowing you to mark alerts as “In Progress” and help you better manage alert triage across your SOC team.
- Ability to classify alerts as True Positive or False Positive.
- Better note management with the ability to add notes to both individual alerts as well as threats (alerts grouped by ThreatID).
- Enhanced Alert History visibility which shows a history of all alert state transitions (ie. Open -> In Progress), comments, determination, closure information, and other items.
These enhancements will improve alert triage in the VMware Carbon Black Cloud and allow for easier management and consumption of alerts. Helping prevent alert fatigue, so security analysts can focus on what matters most.
Stay tuned for the detailed release notes that will be posted on August 16th as well as the new Alerts Experience videos that will be available in the coming days.