MS-A223 - Managed Sentinel

Managed Sentinel – Alert 223

Alert ID	MS-A223
Alert Name	Carbon Black Query Hit Events
Description	This alert identifies Carbon Black query hit events (process path, source IPs, source hosts, feed name).
Severity Level	Low
Threat Indicator
MITRE ATT&CK Tactics	DefenseEvasion Execution Collection
Log sources	Carbon Black
False Positives
Recommendations