Viewing Alarms with Applied Carbon Black EDR Response Actions

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere uses labels as a mechanism to classify alarms Alarms provide notification of an event or sequence of events that require attention or investigation.. These labels make it easy to filter items by an applied label so that you can locate them easily and track their status. When the BlueApp for Carbon Black EDR executes a response action for an alarm, it automatically applies the Carbon Black label to it. You can select this label as a filter so that a page displays data for only the items related to an BlueApp for Carbon Black EDR action.

To view alarms with applied response actions

  1. Open the Alarms page.
  2. If the Search & Filters panel is not displayed, click the icon to expand it.

    USM Anywhere includes several filters displayed by default.

  3. Locate the Labels filter and select Carbon Black.

    Use the Labels filter to view items with the Carbon Black label

    If the Labels filter is not displayed, click Configure Filters at the bottom of the Search & Filters pane to configure filters for the page. See Managing Filters for more information about configuring filters for the page display.

    In the displayed list, you can scroll the list to the right and view the Labels column.

    Scroll the list to the right to view the Labels column