Alert Exclusions

The Alert Exclusions page displays all alert exclusions in Cortex XDR.
An alert exclusion is a policy that contains a set of alert match criteria that you want to suppress from Cortex XDR. You can add an Alert Exclusion Policy from scratch, or you can base the exclusion on alerts that you investigate in an incident. After you create an exclusion policy, Cortex XDR hides any future alerts that match the criteria from incidents and from search query results. If you choose to apply the policy to historic results as well as future alerts, the app grays out any historic alerts that match the criteria.
The following table describes both the default fields and additional optional fields that you can add to the alert exclusions table and lists the fields in alphabetical order.
Field: Description

(Check box): Check box to select one or more alert exclusions on which you want to perform actions.

BACKWARD SCAN STATUS: Exclusion policy status for historic data, either enabled if you want to apply the policy to previous alerts or disabled if you don’t want to apply the policy to previous alerts.

COMMENT: Administrator-provided comment that identifies the purpose or reason for the exclusion policy.

DESCRIPTION: Text summary of the policy that displays the match criteria.

MODIFICATION DATE: Date and time when the exclusion policy was created or modified.

NAME: Descriptive name provided to identify the exclusion policy.

POLICY ID: Unique ID assigned to the exclusion policy.

STATUS: Exclusion policy status, either enabled or disabled.

USER: User that last modified the exclusion policy.

USER EMAIL: Email associated with the administrative user.