AI Auto Exclusions
Last updated
Was this helpful?
Last updated
Was this helpful?
The portal provides wide configuration options on AI auto-enrichment and auto-exclusions. The "AI Analysis Auto Exclusion Settings" should be saved before it starts to work. For that, users set the settings parameters.
Classify, Enrich & Auto-whitelist for Windows processes
Enabling/Disabling the auto-classify, auto-enrichment, and auto-whitelisting for Windows processes.
Classify, Enrich & Auto-exclude on Sysmon for Windows processes
Enabling/Disabling the auto-classify, auto-enrichment, and auto-whitelisting for Sysmon Windows processes.
Minimum Count Threshold for Auto AI Analysis Exclusions
The threshold setting for auto-analyze the artifacts.
Minimum Elastic Count Threshold for Auto AI Analysis Exclusions (optional, 0=disabled)
The elastic treshold for auto-exclusion.
Auto AI Analysis Exclusions Run Interval
The auto-exclusion run interval.
Auto AI Analysis Exclusions Last Execution
The auto-exclusion last execution time and date.
The "AI Questions for Auto Exclusions" section is designed for auto-exclusion actions. Users can edit and disable/enable the automation options.
If exclusions are not optimized well, the portal will eventually get slower because of the junk data collection. That's why we always suggest optimizing sysmon exclusions.
The "Can you identify the Windows Sysmon processes creating excessive traffic in the last day and show them to me to add to the Sysmon Exclusion Rules?" question is recommended for auto exclusion. If this is enabled, sysmon artifacts that were captured on the last day which created excessive traffic will be analyzed by AI and excluded.
