Issue exclusions

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract: Learn how to review and manage issue exclusions.

The Settings > Exception Configuration > Issue Exclusions page displays the issue exclusion rules in Cortex XDR.

An Issue Exclusion is a rule that contains a set of issue match criteria for issues that you want to suppress in Cortex XDR. You can add an Issue Exclusion rule from scratch, or base the exclusion on issues that you investigate in a case. After you create an exclusion rule, Cortex XDR excludes the issues that match the criteria from cases and search query results, and no longer saves any matching issues that are generated in the future. If you choose to apply the policy to historic results as well as future alerts, Cortex XDR displays the historic alerts as unavailable.

Note

  • The agent continues to generate excluded issues on the endpoint, but they are not saved or displayed in Cortex XDR. Configuration of an issue exclusion does not remove or delete any of the logs that would have triggered the issue notification.

  • You can also set up issue exceptions by creating global endpoint policy exceptions. For more information, see Add a global endpoint policy exception.

  • Cortex XDR supports exclusion of up to 100,000 issues.

The following table describes both the default fields and additional optional fields that you can add to the issue exclusions table, and lists the fields in alphabetical order.

| Field | Description |
| --- | --- |
| (checkbox) | Checkbox to select one or more issue exclusions on which you want to perform actions. |
| Backward Scan Status | Exclusion policy status for historic data, either enabled if you want to apply the policy to previous issues, or disabled if you don’t want to apply the policy to previous issues. |
| Comment | Administrator-provided comment that describes the purpose or reason for the exclusion policy. |
| Description | Text summary of the policy that displays the match criteria. |
| Modification Date | Date and time when the exclusion policy was created or modified. |
| Name | Descriptive name provided to identify the exclusion policy. |
| Policy ID | Unique ID assigned to the exclusion policy. |
| Status | Exclusion policy status, either enabled or disabled. |
| User | User that last modified the exclusion policy. |
| User Email | The administrative user's email address. |
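
Because every enabled exclusion suppresses issues that would otherwise be saved, the rules are worth reviewing periodically. The sketch below is an added example, not part of the Cortex XDR documentation or product: it flags enabled exclusions that have no comment, have backward scan enabled, or have not been modified for a long time, using the fields described above. The CSV export, its column names, the timestamp format, the sample rows and the 365-day review interval are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: an ASSUMED CSV export of the Issue Exclusions table,
# with column names taken from the field descriptions on this page.
SAMPLE_CSV = """Policy ID,Name,Status,Backward Scan Status,Comment,Modification Date,User Email
101,Backup agent noise,Enabled,Disabled,Approved in change review,2025-11-02 09:14:00,admin1@example.com
102,tmp,Enabled,Enabled,,2024-01-15 17:40:00,admin2@example.com
103,Old scanner rule,Disabled,Disabled,Vendor scanner false positives,2023-06-30 08:00:00,admin1@example.com
"""

DATE_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the export
MAX_AGE = timedelta(days=365)      # assumed review interval, not a product setting


def audit_exclusions(csv_text, now):
    """Return {policy_id: [findings]} for enabled exclusions that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().lower() != "enabled":
            continue  # disabled policies are not active
        notes = []
        if not row["Comment"].strip():
            notes.append("no comment explaining why the exclusion exists")
        if row["Backward Scan Status"].strip().lower() == "enabled":
            notes.append("backward scan enabled: historic issues shown as unavailable")
        modified = datetime.strptime(row["Modification Date"].strip(), DATE_FORMAT)
        if now - modified > MAX_AGE:
            notes.append(f"not modified since {modified:%Y-%m-%d}")
        if notes:
            findings[row["Policy ID"]] = notes
    return findings


if __name__ == "__main__":
    report = audit_exclusions(SAMPLE_CSV, datetime(2026, 6, 4))
    for policy_id, notes in report.items():
        print(policy_id, "; ".join(notes))
```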