Exception vs Alert Exclusion - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation

Exceptions enables to you create exceptions from your baseline policy, so you can remove specific folders or paths from evaluation, or disable specific security modules. You can configure exception rules for Cortex XDR/Cortex XSIAM protection and prevention actions in a centralized location, and apply them across multiple profiles. While an Alert Exclusion is a rule that contains a set of alert match criteria that you want to suppress from Cortex XDR/Cortex XSIAM. You can add an Alert Exclusion rule from scratch or you can base the exclusion off of alerts that you investigate in an incident.