Exclude an alert - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2025-01-16
Category
Administrator Guide
Abstract

You can exclude alerts that are not deemed to be a threat.

Notice

This functionality requires a Cortex XDR Pro license.

During the process of triaging and investigating alerts, you might determine that an alert does not indicate a threat. You can choose to exclude the alert, which hides it from the Alerts page, removes it from incidents, and omits it from search query results.

You can also set up alert exclusion rules that automatically exclude alerts that match certain criteria. For more information, see Alert exclusions.

How to exclude an alert
  1. From the Alerts page, locate the alert you want to exclude.

  2. Right-click the row, and select Manage Alert > Exclude Alert.

    A notification is displayed indicating that the exclusion is in progress.