Excluding Events (whitelisting)

Event exclusions allow you to customize the results view for each customer or to stop creating incidents for specific events.

 

Excluding certain events from populating into an app can be performed at the MSP, Customer, or Device level.

Exclusions made at the MSP level affect all Customers, and exclusions made at the Customer level apply to all of that Customer's devices.

An exclusion prevents future results of that type from being reported.

 

Event exclusions are available for the following apps:

Advanced Breach Detection

Crypto Mining Detections

Cyber Terrorist Network Connections

Defender Manager

Malicious File Detection

Suspicious Network Services

Suspicious Tools

Endpoint Log Monitor

 

MSP Level / Customer Level

Depending on the app, locate the Technique, Tool, Country or Service of the event that is populating into the event list.


 

On the related app tile, select Configure.

 


Locate the event in the list, toggle it to NO, then click Update.


 

 

Machine Level

Locate the machine in the devices list and click Details.


Toggle NO for each event that needs to be whitelisted, then click Create.


Incidents list

If an event created a notification, navigate to the Incidents list.


 

Locate the incident and click View Details.


 

Navigate to that device in the devices list, select View Details, then Apps, and select Configure for the related app to toggle NO for that event. The event will no longer create a notification, and the detection will not populate into the app.
