Event exclusions allows for customization of the results view for each customer or to no longer create incidents for specific events
To exclude certain events from populating into an app can be performed at the MSP, Customer, or Device levels.
Exclusions made at the MSP level will affect all Customers and one made at the Customer level will apply to all of that Customer's devices.
The excluding will prevent future results of that type from being reported.
Event exclusions for following apps:
Advanced Breach Detection
Crypto Mining Detections
Cyber Terrorist Network Connections
Defender Manager
Malicious File Detection
Suspicious Network Services
Suspicious tools
Endpoint Log Monitor
MSP Level / Customer Level
Depending on the app, locate the Technique, Tool, Country or Service of the event that is populating into the event list
On the related app tile select Configure
Locate the event in the list and toggle to NO > update
Machine Level
Locate machine from the devices list and click on details
Toggle NO for each event that needs to be whitelisted then hit Create
Incidents list
If an event created a notification, navigate to the Incidents list
locate the incident and click View Details
Navigate to that device in the devices list, view details then apps and configure for the related app to toggle NO for that event. This will no longer create a notification and the detection will not populate into the app.
