Carbon Black Passthrough Rule

Panther Rules

Summary
The Carbon Black Passthrough Rule provides additional context for security alerts generated by the Carbon Black environment. It dynamically enriches the alert title and description with data embedded in the alert logs, so that when it fires, security teams can better understand the alert, including the tactic employed by the potential threat and the action the security platform took in response. The main data points captured in the alerts are the attack tactic, details of the blocked executable, device identifiers, and the specific incidents that led to the alert. The rule processes logs of type CarbonBlack.AlertV2 and generates alerts based on defined thresholds, reporting key attributes such as threat ID, event timestamps, and user/device associations. This enables a more effective response to potential security incidents by leveraging the insights Carbon Black offers.
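The following is an added example of what a passthrough rule of this shape looks like as Panther-style Python; it is not the rule's own source code. It uses Panther's standard rule entry points (`rule`, `title`, `severity`, `dedup`, `alert_context`) and a constructed sample event. The CarbonBlack.AlertV2 field names it reads (`attack_tactic`, `blocked_name`, `blocked_sha256`, `sensor_action`, `device_id`, `device_name`, `device_username`, `threat_id`, `backend_timestamp`, `detection_timestamp`, `type`, `severity`, `reason`) are assumptions modelled on the Carbon Black alert payload, not taken from this page, and the severity mapping is likewise an assumed choice.

```python
"""Panther-style passthrough rule for CarbonBlack.AlertV2 logs (added example).

Field names below are assumptions modelled on the Carbon Black alert payload;
adjust them to the schema actually ingested by your Panther instance.
"""
from typing import Any, Dict

# Constructed sample event, not a real Carbon Black record.
SAMPLE_ALERT: Dict[str, Any] = {
    "type": "CB_ANALYTICS",
    "reason": "The application powershell.exe invoked another application (cmd.exe).",
    "severity": 7,
    "attack_tactic": "TA0002",
    "attack_technique": "T1059.001",
    "blocked_name": "C:\\Windows\\System32\\cmd.exe",
    "blocked_sha256": "0" * 64,  # placeholder hash, constructed
    "sensor_action": "TERMINATE",
    "device_id": 12345,
    "device_name": "WS-FINANCE-07",
    "device_username": "corp\\jdoe",
    "threat_id": "THREAT-0000-constructed",
    "backend_timestamp": "2023-11-27T10:15:00.000Z",
    "detection_timestamp": "2023-11-27T10:14:57.000Z",
}


def rule(event: Dict[str, Any]) -> bool:
    """Passthrough: every Carbon Black alert becomes a Panther alert.

    The value of the rule is in the enriched title, severity and context
    below, not in filtering, so it never suppresses an upstream alert.
    """
    return True


def severity(event: Dict[str, Any]) -> str:
    """Map Carbon Black's 1-10 severity score onto Panther severity levels (assumed mapping)."""
    try:
        score = int(event.get("severity", 0))
    except (TypeError, ValueError):
        return "MEDIUM"  # unparseable score: do not silently downgrade
    if score >= 9:
        return "CRITICAL"
    if score >= 7:
        return "HIGH"
    if score >= 4:
        return "MEDIUM"
    if score >= 1:
        return "LOW"
    return "INFO"


def title(event: Dict[str, Any]) -> str:
    """Build a title that surfaces tactic, device, user and any blocked executable.

    Every field is optional in the payload, so each lookup has a fallback and
    an empty event still produces a readable title.
    """
    alert_type = event.get("type") or "UNKNOWN"
    tactic = event.get("attack_tactic") or "unknown tactic"
    device = event.get("device_name") or str(event.get("device_id") or "unknown device")
    user = event.get("device_username") or "unknown user"
    parts = [f"Carbon Black {alert_type}: {tactic} on {device} for {user}"]
    blocked = event.get("blocked_name")
    if blocked:
        action = event.get("sensor_action") or "observed"
        parts.append(f"{action} {blocked}")
    return " - ".join(parts)


def dedup(event: Dict[str, Any]) -> str:
    """Group repeated alerts for the same threat on the same device into one Panther alert."""
    return f"{event.get('threat_id') or 'no-threat-id'}:{event.get('device_id') or 'no-device'}"


def alert_context(event: Dict[str, Any]) -> Dict[str, Any]:
    """Carry the key attributes into the alert so responders do not have to re-query the log."""
    keys = (
        "threat_id", "reason", "attack_tactic", "attack_technique",
        "blocked_name", "blocked_sha256", "sensor_action",
        "device_id", "device_name", "device_username",
        "detection_timestamp", "backend_timestamp",
    )
    return {key: event.get(key) for key in keys}


if __name__ == "__main__":
    print(title(SAMPLE_ALERT))
    print(severity(SAMPLE_ALERT), dedup(SAMPLE_ALERT))
    print(alert_context(SAMPLE_ALERT))
```

Because `rule` always returns `True`, alert volume in Panther equals alert volume in Carbon Black; tuning belongs in `dedup` (which collapses repeats per threat and device) and in Panther's own threshold settings rather than in the rule body.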
Categories
  • Endpoint
  • Cloud
  • Infrastructure
Data Sources
  • Logon Session
  • User Account
  • Process
ATT&CK Techniques
  • T1059
Created: 2023-11-27