Is there a way to permanently exclude incident?

NinjaLee · February 2019

Hello,

Is there a way to permanently exclude an incident from alerting us? We have a script that triggers an alert when it runs. Even though we click Incident > False positive > Archive, we still get an alert the next time it runs.

Please advise. Thanks

NinjaLee · March 2019

I assume there's no way?

RomanH · March 2019

Hi,

Sorry for the delay in answering. There is no way to permanently exclude an incident. This would also be not recommended as it could mask dangerous activity in the future. What can be done at the moment is use the Request Whitelisting link under support to request whitelisting of a particular process or activity that might be causing false positives in your organization. See link:

We are working on improving the whitelisting functionality so that you could trigger this directly from the BCD in the portal.

Is there a way to permanently exclude incident?

Comments

Categories