(Ended) Join the discussion for AMA May 4, 2021: Cortex Customer Success - XDR Alerts

Community Team Member

Ask your questions from April 27 - May 3 as Cortex XDR experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event will be focused on alerts, including alert prioritization.

 

Ask questions from Tuesday, April 27 to Monday, May 3, 2021. 

 

Come back on May 4 from 8am to 10am PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

 

Want to learn more details about the event? Check out this article.

Crasmussen - LIVEcommunity | Engagement Manager 
Remember to choose a solution and give kudos | Stay Engaged!

Accepted Solutions


@nhussaini wrote:

What's the difference between an exclusion and an exception?


Hi @nhussaini,

An (alert) exclusion is used to suppress alerts that are of no value, while a (rule) exception is used to tune rules in protection modules that detect, prevent, and generate alerts within Cortex XDR.

--gjenkins



@nhussaini wrote:

What happens to alerts that are caught by exclusions?


Hi @nhussaini,

 

Alerts caught by exclusions are prevented from being created in the Cortex XDR tenant, keeping them from being seen in the alert table or being attached to an incident. The data for the alert is still available in the QueryBuilder.

--gjenkins


14 REPLIES

Community Team Member

Replies are now open! 
Please feel free to post your Cortex XDR related questions below! 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!

L4 Transporter

Looking forward to seeing all the great questions.

--gjenkins

L0 Member

Looking forward to seeing all the great questions.

L4 Transporter

What's the difference between an exclusion and an exception?

L4 Transporter

What happens to alerts that are caught by exclusions?

Cyber Elite

Hi Team,

 

Can Alerts that are filtered by exclusions be retrieved?

 

Regards

MP

Cyber Elite

Hi Team,

 

Can you create an exclusion rule from an alert?

 

Regards

MP

Cyber Elite

Hi Team,

 

Should we use exclusion with all alert sources as a first response?

 

Regards

MP

Community Team Member

Happening TODAY at 8AM PDT - the LIVEcommunity Ask Me Anything (AMA) Q&A event.

 

Join us, ask questions and learn about Cortex XDR Alerts. Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

 

Cheers!

-Kiwi.

 