Views:

Edit the settings of a custom exception.

You can change the following settings categories of custom exceptions:
  • General Settings: The name and description of the exception
    Note
    Note
    Context menu exceptions do not have names.
  • Targets: The location of the objects or events you want to exclude from detections
    For example, you can exclude objects on a specific endpoint using the endpointGUID field and the globally unique identifier (GUID) of the endpoint.
  • Event source: The types of events you want to exclude from detections
    Exception type allows you to select either Filter-based exception or Global exception. Filter-based exceptions apply only to events that match the filter specified in the exception. Global exceptions apply to every event.
    WARNING
    WARNING
    If you change Exception type from Filter-based exception to Global exception, you cannot revert this exception back to filter-based.
  • Match criteria: The objects and events you want to exclude from detections
    For example, you can exclude a specific file attachment using the file_sha1 field type, the attachmentFileHash field, and the secure hash algorithm 1 (SHA-1) of the file attachment.

Procedure

  1. Go to XDR Threat InvestigationDetection Model Management and click the Exceptions tab.
  2. Click edit_icon=GUID-1F1D1164-5310-4D6D-ACD0-6049C86960AF.png for the exception you want to modify.
  3. Edit the settings you want to modify.
  4. Click Save. Your changes might take a few minutes to take effect.