Subnet support for Behavior Threats static policies exclusion list.
Manually adding individual custom IP addresses to exclude
specific hosts from behavioral monitoring creates unnecessary administrative overhead.
Subnet support for Behavior Threats exclusions addresses this challenge by allowing you
to define entire network ranges directly within your static exclusion policies. Previously, you
were limited to single IP entries, but now you can exclude large blocks of trusted
infrastructure, such as management subnets or backup segments, using a single CIDR
entry. This capability enables you to significantly reduce false positives and alert
fatigue by broad-masking trusted internal networks that generate unusual traffic
patterns. Furthermore, your policies will automatically cover new hosts provisioned
within an excluded subnet, ensuring consistent protection without requiring manual
updates for every server addition.
This feature is applicable
only for the following four static policies:
