An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
Which identifier is shared by all events when an alert is investigated?
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?