Alert Exclusions
Suggest changes
PDFs
Alert Exclusion lets you suppress alert generation for specific file types, users and directory paths. Use this to reduce false positives by excluding known, expected activity that may otherwise match alert patterns.
Alert Exclusion is configured per tenant and includes the following:
-
File Types: suppress File Tampering alerts on specific file extensions
-
Users: suppress alerts triggered by selected users.
-
Paths: suppress alerts for activity on selected directory paths (up to four directory levels, starting at the junction path).
File type exclusion (also known as 'Allowed File Type Policies') has been updated and described in Allowed File Types.
Users' exclusion list is supported by type-ahead, where admins can select users to be excluded for alerts.
Directory exclusion supports up to four levels of directory paths, beginning with the junction path.
Individual users and directory paths can be added to or removed from the respective exclusion list. Every entry in each list will have the information of when and by whom was it added to the list, and this information will be used for auditing purpose.
Manage exclusions and auditing
-
Admins can add or remove file extensions, individual users, or paths at any time.
-
Each exclusion entry records the name of the admin whi set it and the date it was set. This information is retained for auditing.
