AI Auto Exclusions
AI Analysis Auto Exclusion Settings
The portal provides extensive configuration options for AI auto-enrichment and auto-exclusions. The "AI Analysis Auto Exclusion Settings" take effect only after they are saved, so users first set the parameters described here and then save them.
Classify, Enrich & Auto-whitelist for Windows processes
Enables or disables auto-classify, auto-enrichment, and auto-whitelisting for Windows processes.
Classify, Enrich & Auto-exclude on Sysmon for Windows processes
Enables or disables auto-classify, auto-enrichment, and auto-whitelisting for Sysmon Windows processes.
Minimum Count Threshold for Auto AI Analysis Exclusions
The threshold setting for auto-analyzing the artifacts.
Minimum Elastic Count Threshold for Auto AI Analysis Exclusions (optional, 0=disabled)
The Elastic threshold for auto-exclusion.
Auto AI Analysis Exclusions Run Interval
The auto-exclusion run interval.
Auto AI Analysis Exclusions Last Execution
The auto-exclusion last execution time and date.
The "AI Questions for Auto Exclusions" section is designed for auto-exclusion actions. Users can edit and disable/enable the automation options.
If exclusions are not well optimized, the portal will eventually slow down because of junk data collection. That's why we always suggest optimizing Sysmon exclusions.
The "Can you identify the Windows Sysmon processes creating excessive traffic in the last day and show them to me to add to the Sysmon Exclusion Rules?" question is recommended for auto-exclusion. If it is enabled, Sysmon artifacts captured in the last day that created excessive traffic will be analyzed by AI and excluded.