User would like to create a custom watchlist in the VMware Carbon Black Cloud console.
VMware Carbon Black Cloud
- Navigate to the Investigate page.
- Execute a desired search query.
- Select Add search to threat report under the search magnifying glass.
- Under the Select a Watchlist heading in the Add Query modal, select Add new.
- Enter a name for the watchlist.
- Enter a description for the watchlist if desired.
- Enable Alert on Hit if the watchlist is desired to alert users when IOCs match incoming data.
- Selecting Evaluate on all existing data will perform a one time query of all past data available in the console.
- Enter a name for the threat report that will contain the search query executed previously in this process.
- Enter a description for the threat report if desired.
- Set a desired severity.
- Enter any tags to be applied to the threat report.
- Select Save.