Abstract
You can exclude alerts that are not deemed to be a threat.
While triaging and investigating alerts, you might determine that an alert does not indicate a threat. You can choose to exclude the alert, which hides the alert, excludes it from incidents, and excludes it from search query results.
You can also set up alert exclusion rules that automatically exclude alerts that match certain criteria. For more information, see Alert exclusions.
How to exclude an alert
From the Alerts page, locate the alert you want to exclude.
Right-click the row, and select → .
A notification displays indicating the exclusion is in progress.