Exception vs Alert Exclusion - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

Exceptions enables to you create exceptions from your baseline policy, so you can remove specific folders or paths from evaluation, or disable specific security modules. You can configure exception rules for Cortex XDR/Cortex XSIAM protection and prevention actions in a centralized location, and apply them across multiple profiles. While an Alert Exclusion is a rule that contains a set of alert match criteria that you want to suppress from Cortex XDR/Cortex XSIAM. You can add an Alert Exclusion rule from scratch or you can base the exclusion off of alerts that you investigate in an incident.