Do I need to remediate or whitelist the events in the apps?

The detections that populate into the app are events used by the SOC. These events have been triaged, and the SOC uses them to investigate and monitor for potential breaches. There is no action to take on any of the events; any detection that needs to be elevated as a potential threat will create an incident notification. The events will stay in the app and auto-archive after 35 days.

*NOTE - It is not recommended to manually archive events in the apps, as this will blind the SOC and could prevent them from doing a more thorough investigation.
