Traps. After analyzing a security event, you might want to do any
of the following tasks:

Investigate whether the indicators are related to malicious
executable files and then use the Agent Query to search for
artifacts on Windows endpoints.

Temporarily disable rules that interfere with day-to-day work.
In cases where a security event does not indicate an attack and is
interfering with day-to-day work, you can disable an exploit
protection or restriction rule on a specific endpoint. See Exclude
an Endpoint from an Exploit Protection Rule.

Patch, upgrade, or fix a bug in software that indicates erroneous
behavior or a security vulnerability. Patching or upgrading
third-party applications or fixing bugs in applications that are
developed in-house can reduce the number of security events reported
to the ESM Console.