Alert Status Messages

Vendor Documentation


Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Alert Status Messages | Base Rule | General Alert Message | Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| vendorinfo | <vendorinfo> | Text/String |
| alert_resolution | <status> | Text/String |
| cb_server | <sname> | Text/String |
| feed_name | <objectname> | Text/String |
| ioc_type | <objecttype> | Text/String |
| ioc_value | <hash> | Text/String |