Alert Exclusion - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide


An alert exclusion is a rule that contains a set of alert match criteria that you want to suppress from Cortex XDR. You can add an Alert Exclusion rule from scratch, or you can base the exclusion on alerts that you investigate in an incident. After you create an exclusion rule, Cortex XDR excludes any future alerts that match the criteria from incidents and search query results, and no longer saves them. If you choose to apply the policy to historic results as well as future alerts, Cortex XDR identifies the historic alerts as grayed out.