Is there a way to permanently exclude incident?
Hello,
Is there a way to permanently exclude an incident from alerting us? We have a script that triggers an alert when it runs. Even though we click Incident > False positive > Archive, we still get an alert the next time it runs.
Please advise. Thanks
Comments
-
I assume there's no way?
0 -
Hi,
Sorry for the delay in answering. There is no way to permanently exclude an incident. This would also be not recommended as it could mask dangerous activity in the future. What can be done at the moment is use the Request Whitelisting link under support to request whitelisting of a particular process or activity that might be causing false positives in your organization. See link:
We are working on improving the whitelisting functionality so that you could trigger this directly from the BCD in the portal.
6