Is there a way to permanently exclude incident?

Aspirant

Is there a way to permanently exclude incident?

Hello,

 

Is there a way to permanently exclude an incident from alerting us? We have a script that triggers an alert when it runs. Even though we click Incident > False positive > Archive, we still get an alert the next time it runs. 

 

Please advise. Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
F-Secure

Re: Is there a way to permanently exclude incident?

Hi,

 

Sorry for the delay in answering. There is no way to permanently exclude an incident. This would also be not recommended as it could mask dangerous activity in the future. What can be done at the moment is use the Request Whitelisting link under support to request whitelisting of a particular process or activity that might be causing false positives in your organization. See link:

 

 

Whitelisting.png

 

We are working on improving the whitelisting functionality so that you could trigger this directly from the BCD in the portal. 

 

 

2 REPLIES 2
Aspirant

Re: Is there a way to permanently exclude incident?

 I assume there's no way?

Highlighted
F-Secure

Re: Is there a way to permanently exclude incident?

Hi,

 

Sorry for the delay in answering. There is no way to permanently exclude an incident. This would also be not recommended as it could mask dangerous activity in the future. What can be done at the moment is use the Request Whitelisting link under support to request whitelisting of a particular process or activity that might be causing false positives in your organization. See link:

 

 

Whitelisting.png

 

We are working on improving the whitelisting functionality so that you could trigger this directly from the BCD in the portal.