Exclude an issue - You can exclude issues that are not deemed to be a threat. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation
Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-11
Category
Administrator Guide
Abstract

You can exclude issues that are not deemed to be a threat.

During the process of triaging and investigating issues, you might determine that an issue does not indicate threat. You can choose to exclude the issue, which hides the issue, excludes it from cases, and excludes it from search query results.

You can also set up issue exclusion rules that automatically exclude issues that match certain criteria. For more information, see Issue exclusions.

Note

Cortex XSIAM supports exclusion of up to 100,000 issues.

How to exclude an issue

  1. From the Issues page, locate the issue you want to exclude.

  2. Right-click the row, and select Manage IssueExclude Issue.

    A notification displays indicating the exclusion is in progress.