Exception vs Alert Exclusion

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide

Exceptions let you define exceptions to your baseline policy, so you can remove specific folders or paths from evaluation, or disable specific security modules. You can configure exception rules for Cortex XDR/Cortex XSIAM protection and prevention actions in a centralized location, and apply them across multiple profiles. An Alert Exclusion, by contrast, is a rule that contains a set of alert match criteria that you want to suppress from Cortex XDR/Cortex XSIAM. You can add an Alert Exclusion rule from scratch, or you can base the exclusion on alerts that you investigate in an incident. In short, an exception changes what is evaluated or which security modules apply, while an Alert Exclusion suppresses alerts that match its criteria.