06-30-2025 12:23 PM
I am looking to make an exclusion or suppression of some sort for alerts generated by our Pentera Security Validation Tool. I have an SSL certificate loaded into Pentera so I can filter by that certificate if I can. However, for the Vulnerability Scans with Pentera I can't use the SSL cert or any other identifier. Just trying to keep down the noise in Cortex.
07-01-2025 03:03 AM - edited 07-01-2025 03:05 AM
With Cortex XDR Pro you can automate the Alerts via Rules (AutomationRules). I do this with an automation that auto-closes (with subject "pentest") all the alerts when I detect the CGO is from the Pentera MainNode IP (or the RANs, if any). IMHO this is much easier than the possibilities you have with signing the payload and/or using pre/post-fixes within Pentera.
With this, the alerts/incidents from the pentest stay visible in the Cortex backend (they are not excluded, just closed...) but do not fill your active incidents/alerts table.
BTW: this also works perfectly well for detections from a Vulnerability Assessment only - port scans for instance...